Old USG20 and Content filter (Facebook)

Cava Posts: 7
First Anniversary First Comment
edited April 2021 in Security
Hi. We have a customer with an old USG20 (not USG20-VPN) with the latest firmware (3.30 25-11-2016). They have the content filter and they want to block facebook. I heard that this model cannot check the SSL connection so it's really difficult (or impossible) block HTTPS sites. Is it correct ? They asked me an "official answer"... I was thinking to replace it with a new USG40 or 60 with latest firmware. Could it be a good choise?

All Replies

  • zyman2008
    zyman2008 Posts: 199  Master Member
    First Anniversary 10 Comments Friend Collector First Answer
    Well, replace to USG40 or USG60 could be a solution.
    Content filter on USG with firmware 4.20 or above version support HTTPs Domain Filter.
    Which can block "*.facebook.com" without decrypt the packets.
  • ChrisGer
    ChrisGer Posts: 205  Ally Member
    First Anniversary Friend Collector First Answer First Comment
    it could be a solution to change the old USG20 (EOL/EOS) device to a new 40/60 device.
    but the content filter is a seperate license that must be paied on top (1yr or 2yr subscription).


Security Highlight