How to set USG to block an HTTPS website?
Since the Content filter can't filter HTTPS websites, how to set USG to block an HTTPS website?
SETUP/STEP BY STEP PROCEDURE:
There are two ways how the USG can block an HTTPS website:
Method 1. Please set up a firewall rule to block an HTTPS website:
Please add firewall rule with source:any; destination: https site's IP; Access: reject.
The USG will block all https access to the site.
Please refer to the picture below to set up the firewall rule on the USG:
Method 2. Please change the DNS server record to block the HTTPS website:
If IP addresses of websites are dynamic, you can also use the work-around of changing the DNS server address record to prevent access to the HTTPs websites.
Please add a DNS address record with FQDN, ex: *.facebook.com
Set its IP Address to: 0.0.0.0.
This can prevent computers from locating the websites via the DNS server. The method allows the USG to effectively block HTTPs websites.
Please refer to the picture below to set DNS server address record on the USG:
However, this work-around will fail if users locate the HTTPS website’s real IP by accessing an external DNS server.
Although this work-around may present some security risks, since the content filter can't filter HTTPS websites,
Setting up a firewall rule and changing the DNS address record are the only ways to block HTTPs websites.
VERIFICATION:
Setting up a firewall rule and changing the DNS address record are the only ways to block HTTPs websites.
As a result, the following page will be shown to users accessing HTTPS websites:
Categories
- All Categories
- 384 Beta Program
- 2.1K Nebula
- 117 Nebula Ideas
- 80 Nebula Status and Incidents
- 5.1K Security
- 77 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 907 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 209 Service & License
- 335 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 898 Nebula FAQ
- 415 Security FAQ
- 234 Switch FAQ
- 205 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 73 About Community
- 62 Security Highlight