I blocked a site but I can still reach it!
Have no fear! This is usually easily resolved.
First thing to check is your Block Sites rules. For best results, we recommend formatting those entries as *website.com*, including the asterisks but not including any http[s]:// or www. For example, to block Facebook, you'd create a Web Filter entry just like this:
If it's an HTTPS/SSL-encrypted site, you'll need to get slightly more creative. It can be helpful to enable all three 'process HTTPS traffic by SNI' options at the top of Web Filter > Advanced:
This will allow Web Filter to try and parse SSL-encrypted sites as best it can, but the more effective option would be to install & configure SSL Inspector. This allows Web Filter (and other NGFW applications!) to treat HTTPS pages like they're HTTP pages, which allows them to be filtered normally.
If you've configured SSL Inspector and deployed the root certificate to all your client devices, it's important to make sure your certificate is working correctly. In Network > Administration > Certificates, check the 'Server Certificate Verification' pane in the top right-hand corner. If it says it is 'missing' any information, you'll want to re-generate your certificate (though you don't need to re-deploy it to your devices).
Lastly, some sites may be blockable via Application Control as well; check the Applications tab and block or tarpit any application signatures matching the site in question.
If you've done all that and the site is still accessible, contact us and we'll help out!Follow
Please sign in to leave a comment.