You have blocked a domain or website say example.com or its category and are unable to access the website through ProxySG; However, you notice that you are able to telnet to these blocked sites.
telnet example.com 80
Connected to example.com
Escape character is '^]'.
The CLI output that you see that you see on the telnet test is only because the TCP handshake is successful. This does not indicate that Telnet communication is allowed with the server (example.com) in our case. Communication over Telnet protocol occurs after the handshake. In this case only the TCP handshake occurs. If Telnet communication was to occur after this, the ProxySG would detect this communication as Telnet protocol & evaluate the policies & block any communication.
If you still wish to block communication on Layer 3, we can create a new service with listener port 80 with Telenet & action Drop/Reject; However, this is unnecessary for practical purposes.