I am using MWG 22.214.171.124.0. I would like to find out if there is a way for MWG to prevent non-encrypted or non-ssl traffic from going over 443. CheckPoint IPS seems to offer a solution (How to prevent NON-SSL traffic from tunnelling over port 443 ), I have not found anything regarding this for MWG (preferably without SSL inspection).
I would appreciate it if someone could point me in the right direction ;-)
To attempt non-SSL traffic over 443, I'm guessing, would involve a request that looks like CONNECT http://example.org:443 ...
So, there would be criteria involving URL.Protocol (I think) and URL.Port. For example:
Of course, I haven't tested this, and there might be some fiddling and other considerations. Rule traces and packet traces might be necessary to get everything in order.
Thank you for the quick response. Its probably not that difficult, but I am having trouble finding a detailed explanation for all the rule criteria. I will need to set up a scenario where I can test these different combinations....wont be for a couple of weeks though.
I think SSL inspection might be a bit of a overkill for this.
In case someone has set this up already, feel free to comment