How to set USG to block an HTTPS website?
Since the Content filter can't filter HTTPS websites, how to set USG to block an HTTPS website?
SETUP/STEP BY STEP PROCEDURE:
There are two ways how the USG can block an HTTPS website:
Method 1. Please set up a firewall rule to block an HTTPS website:
Please add firewall rule with source:any; destination: https site's IP; Access: reject.
The USG will block all https access to the site.
Please refer to the picture below to set up the firewall rule on the USG:
Method 2. Please change the DNS server record to block the HTTPS website:
If IP addresses of websites are dynamic, you can also use the work-around of changing the DNS server address record to prevent access to the HTTPs websites.
Please add a DNS address record with FQDN, ex: *.facebook.com
Set its IP Address to: 0.0.0.0.
This can prevent computers from locating the websites via the DNS server. The method allows the USG to effectively block HTTPs websites.
Please refer to the picture below to set DNS server address record on the USG:
However, this work-around will fail if users locate the HTTPS website’s real IP by accessing an external DNS server.
Although this work-around may present some security risks, since the content filter can't filter HTTPS websites,Setting up a firewall rule and changing the DNS address record are the only ways to block HTTPs websites.
Setting up a firewall rule and changing the DNS address record are the only ways to block HTTPs websites.
As a result, the following page will be shown to users accessing HTTPS websites:
- 8.4K All Categories
- 1.6K Nebula
- 70 Nebula Ideas
- 57 Nebula Status and Incidents
- 4.5K Security
- 226 Security Ideas
- 981 Switch
- 46 Switch Ideas
- 872 WirelessLAN
- 22 WLAN Ideas
- 5.1K Consumer Product
- 156 Service & License
- 280 News and Release
- 97 Success Stories
- 59 Security Advisories
- 13 Education Center
- 579 FAQ
- 262 Nebula FAQ
- 160 Security FAQ
- 76 Switch FAQ
- 74 WirelessLAN FAQ
- 7 Consumer Product FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 69 About Community
- 46 Security Highlight