AnsweredHot!Web Page Blocked - Category: Unrated

Author
R1chou
New Member
  • Total Posts : 11
  • Scores: 0
  • Reward points: 0
  • Joined: 2020/11/17 02:32:25
  • Status: offline
2021/03/08 02:58:33 (permalink)
0

Web Page Blocked - Category: Unrated

Hello,
 
I have a server in my DMZ which must communicate with my antivirus manager server in my LAN.
Ports used are 80 and 443
IP v4 rules are ok.
 
I encounter an issue when I try to access to the url https://antivirusserver.domain.local from my DMZ server
I get the following message

Web Page Blocked!

You have tried to access a web page which is in violation of your internet usage policy.
URL: https://F-Secure Policy Manager automatically generated self-signed certificate/
Category: Unrated
User name:
Group name:

To have the rating of this web page re-evaluated please click here.
 
If I disable the web filter in my rule I can browse the URL.
I tried to add antivirusserver.domain.local as a wildcard and allow it to static url filter but it doesn't work.
Allow tried to add the url to my white list in web rating overrides but it doesn't work.
 
Do you have an idea ?

Regards,
#1
Toshi Esumi
Expert Member
  • Total Posts : 2524
  • Scores: 241
  • Reward points: 0
  • Joined: 2014/11/06 09:56:42
  • Status: online
Re: Web Page Blocked - Category: Unrated 2021/03/08 09:54:57 (permalink) ☼ Best Answerby R1chou 2021/03/09 00:09:29
0
You must have either certificate inspection or deep inspection for SSL set on the hitting policy. I think it started blocking invalid certificates by default after 6.2. I would try separating a policy only for this particular traffic and apply a new inspection profile with either "Untrusted SSL certificate:Allow" or "Allow invalid SSL certificate" if your server can't have a valid cert. We encountered a similar issue with SSL VPN when we upgrade FGTs to 6.2.7, and did the former to mitigate.
By the way, you might want to move the virus mng server into DMZ.
#2
R1chou
New Member
  • Total Posts : 11
  • Scores: 0
  • Reward points: 0
  • Joined: 2020/11/17 02:32:25
  • Status: offline
Re: Web Page Blocked - Category: Unrated 2021/03/09 00:09:22 (permalink)
0
Hello,
 
You are right, changing the ssl inspection allows me to access to the url (without adding the url to my white list or in static url filter).
 
Regards,
#3
Jump to:
© 2021 APG vNext Commercial Version 5.5