Re: RE: DNS web filtering instead of SSL inspection?
Just to be clear... before v5 non deep SSL inspection used only certificate CN thus Google sites could not be differentiated.
BTW the certificate "CN" is ignore in ALL major web-browsers when a AltName is present.
Back to te OP, you could also use a Explicit proxy and block the website without setting up SSLinspection.
PCNSE, NSE , Forcepoint , StrongSwan Specialist