5 Replies Latest reply on May 27, 2014 8:09 AM by mtuma

    Smart Filter issue

    jkeranen

      Good morning. We block people from Facebook at our company, and it has been brought to my attention that if they type in www.facebook.com it blocks them. If they run a Google search on anything we block, they are allowed to get to the page through Google. Any ideas? Thanks in advance for any help you can provide.

       

      JK

        • 1. Re: Smart Filter issue

          Hello,

           

          There is a log in /var/log that might be useful here. Check out /var/log/SF.log and search for source IP addresses. Even if someone goes to Google and searches for a website such as Facebook, I would expect Smartfilter to block them. There might be something else going on, such as Google serving cached pages, sending them to an IP address instead of a hostname, or sending them to the HTTPS version of the page. Depending on what is actually happening, there are different steps to take.

           

          What shows up in the URL bar in the browser when they are able to get to facebook?

           

          -Matt

          • 2. Re: Smart Filter issue
            jkeranen

            Hi Matt.  The address we are getting in the URL is https://www.facebook.com

             

            It seems we can block the HTTP traffic from Facebook but not the HTTPS. Thanks.

            JK

            • 3. Re: Smart Filter issue

              Hello,

               

              OK. HTTPS complicates things a little bit when it comes to Smartfilter. With a regular HTTPS request, the firewall only sees the destination IP address, not the URL or hostname. Smartfilter does categorize most IP addresses, but the problem is that web sites change IP addresses constantly and an IP address can host multiple websites.

               

              Other things that can be done are to use non-transparent web traffic, where the firewall is acting as a non-transparent proxy. In this case the firewall will see the CONNECT: https://www.facebook.com and will be able to allow or block the traffic. Another option is SSL decryption/re-encryption. Both of these suggestions do require extra configuration.

               

              Hope this helps,

               

              Matt
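
Added example, not part of the thread and not Smartfilter or firewall code: it contrasts the two cases reply 3 describes, an IP-only decision for transparent HTTPS and a hostname decision from the `CONNECT host:port` request line a client sends to an explicit proxy. The policy list, category table, addresses and function names are constructed for illustration.

```python
# Added illustration; the policy, tables and function names are hypothetical,
# not Smartfilter's or the firewall's own.
import ipaddress

BLOCKED_SUFFIXES = ("facebook.com",)                    # constructed hostname policy
BLOCKED_CATEGORIES = {"social-networking"}              # constructed category policy
IP_CATEGORIES = {"203.0.113.10": "social-networking"}   # constructed IP-to-category table

def host_blocked(host):
    """Suffix match on a label boundary, so notfacebook.com is not caught."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in BLOCKED_SUFFIXES)

def decide_transparent(dst_ip):
    """Transparent HTTPS: only the destination IP is visible to the filter."""
    category = IP_CATEGORIES.get(dst_ip)
    if category in BLOCKED_CATEGORIES:
        return ("deny", "ip category " + category)
    return ("allow", "ip uncategorized" if category is None else "ip category " + category)

def parse_connect(request_line):
    """Return (host, port) from 'CONNECT host:port HTTP/1.1', or None."""
    parts = request_line.split()
    if len(parts) != 3 or parts[0] != "CONNECT" or not parts[2].startswith("HTTP/"):
        return None
    host, sep, port = parts[1].rpartition(":")
    if not sep or not host or not port.isdigit():
        return None
    return host.strip("[]"), int(port)

def decide_explicit_proxy(request_line):
    """Explicit proxy: the client names the host before TLS starts."""
    target = parse_connect(request_line)
    if target is None:
        return ("deny", "malformed CONNECT")
    host = target[0]
    try:
        ipaddress.ip_address(host)
    except ValueError:
        if host_blocked(host):
            return ("deny", "hostname " + host.lower())
        return ("allow", "hostname not in policy")
    return decide_transparent(host)   # IP literal: no name to match on

if __name__ == "__main__":
    # Same site, two deployments. 198.51.100.7 is a constructed address
    # that the category table has not caught up with.
    print(decide_transparent("198.51.100.7"))
    print(decide_explicit_proxy("CONNECT www.facebook.com:443 HTTP/1.1"))
```
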

              • 4. Re: Smart Filter issue
                stonewall

                I have the same problem.

                I created an SSL policy that is SSL decryption / re-encryption. However, I got a notification that:

                Deny Facebook.jpg

                 

                In addition, I also got a similar notification when connecting to Gmail.

                My MFE version is 8.3.2 P03

                 

                Please suggest the best way to handle this case.

                 

                Message was edited by: stonewall on 5/26/14 12:20:21 AM CDT

                 

                Message was edited by: stonewall on 5/26/14 2:31:22 AM CDT
                • 5. Re: Smart Filter issue

                  Hello,

                   

                  It is a little hard to tell what is happening simply by looking at the screenshot provided, but I am wondering if this is related to the certificate that the firewall presents to the client. By default, the browser is not going to trust the certificate. There are additional steps required for this to work properly. They are documented in the Product Guide, in a section called "Export the firewall CA certificate to protected clients".

                   

                  https://kc.mcafee.com/corporate/index?page=content&id=PD24698

                   

                  -Matt