ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Unified Agent Local Enforcement does not detect encrypted site requests

book

Article ID: 172336

calendar_today

Updated On:

Products

Unified Agent Local Enforcement

Issue/Introduction

Unified Agent cannot perform SSL inspection. For this reason, it is possible in certain circumstances for a user to access a blocked web site over HTTPS.

For example, a user logs on to an allowed site via HTTPS, and then from that site clicks a link to a blocked site. Because the request for the blocked site is SSL encrypted, Unified Agent cannot detect the request and therefore does not block it.

Note: Unified Agent can read the SNI (server name indication) header — which may provide the domain of the request — and apply filters based on that information.

Resolution

Two possible solutions:

  • Block the original site
  • Switch to Symantec Web Security Service (WSS) — ProxySG in the cloud — which uses SSL Visibility to decrypt requests