Hi. My company is intending to purchase the Wingate Enterprise and right now we are evaluating it. One of the criteria of evaluation is that we need to successfully block all social media e.g. Facebook, Twitter that is operating on HTTPS. I am evaluating on Wingate 8. And I hope you can help me out a bit here.
I have dug around and it says that in order to effectively block HTTPS sites, we need to enable SSL inspection.
Prior to that I have defined a block URLs under Control Panel > Data > Global Data > Banned Sites.
Then, I create an certificate in Control Panel > Certificates > Add Certificate. The following Encryption Options were specified:-
Encryption: DES in CBC mode
Options: Use 65537 for the exponent
Size: 1024bits
The certificate generated was then exported out using Windows Certificate Export Wizard and installed on a workstation.
Then, I enable the SSL Inspection option in Control Panel > Services > WWW Proxy Server > SSL Inspection. Enable inspection of encrypted content option is ticked, Signer certificate pointed to the certificate generated in Step 2. Validate server certificate, Perform validation on entire certificate chain and Block access if certificate validation fails option were all checked.
On my testing workstation, I am still able to browse Facebook. Is there any portion here which I am doing wrongly? Any help is greatly appreciated.
Steps to effectively block Facebook using SSL Inspection
Moderator: Qbik Staff
3 posts
• Page 1 of 1
Steps to effectively block Facebook using SSL Inspection
by sws229 » Aug 26 14 8:39 pm
- sws229
- Posts: 2
- Joined: Aug 26 14 8:05 pm
Re: Steps to effectively block Facebook using SSL Inspection
by adrien » Aug 29 14 10:02 am
Hi
do you see the facebook URLs showing up in the activity panel in WinGate Management?
I'm just wondering if it's not going through the web proxy somehow (e.g. NAT, or some other path on your network to the Internet)
regards
Adrien de Croy
do you see the facebook URLs showing up in the activity panel in WinGate Management?
I'm just wondering if it's not going through the web proxy somehow (e.g. NAT, or some other path on your network to the Internet)
regards
Adrien de Croy
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
Re: Steps to effectively block Facebook using SSL Inspection
by sws229 » Sep 02 14 4:00 pm
Hi Adrien,
Thanks for your reply. I managed to block it after fiddling with it for a while. Here's some of the additional steps that I did on top of my initial steps.
On top of installing the certificate on the test work machine, I have also installed the certificate on the server under Trusted Root.
As for Banned Sites list, I am using the pattern match method instead of the exact match (faster) method. I've changed the URL from facebook.com to www.facebook.com.
With these changes, Wingate will display the Blocked page whenever I browse Facebook and I am able to see Facebook getting HTTP 403 Request Denied on Monitoring > Activity panel.
Thanks for your reply. I managed to block it after fiddling with it for a while. Here's some of the additional steps that I did on top of my initial steps.
On top of installing the certificate on the test work machine, I have also installed the certificate on the server under Trusted Root.
As for Banned Sites list, I am using the pattern match method instead of the exact match (faster) method. I've changed the URL from facebook.com to www.facebook.com.
With these changes, Wingate will display the Blocked page whenever I browse Facebook and I am able to see Facebook getting HTTP 403 Request Denied on Monitoring > Activity panel.
- sws229
- Posts: 2
- Joined: Aug 26 14 8:05 pm
3 posts
• Page 1 of 1
Who is online
Users browsing this forum: Bing [Bot] and 1 guest