Unified Agent cannot perform SSL inspection. For this reason, it is possible in certain circumstances for a user to access a blocked web site over HTTPS.

For example, a user logs on to an allowed site via HTTPS, and then from that site clicks a link to a blocked site. Because the request for the blocked site is SSL encrypted, Unified Agent cannot detect the request and therefore does not block it.

Note: Unified Agent can read the SNI (server name indication) header — which may provide the domain of the request — and apply filters based on that information.

Two possible solutions:

• Block the original site
• Switch to Symantec Web Security Service (WSS) — ProxySG in the cloud — which uses SSL Visibility to decrypt requests