Web Caching Problem

  • Web Caching Problem

    Hello there..

    I would like to ask for your insights regarding my problem..

    The protocol in our company is to allow / block Gmail at specific times. Let's say that Gmail is allowed at 6:00 - 6:59 am only and will be blocked at 7:00 am. Of course, I already did this using Policy Manager.

    The problem is that once I access Gmail during the allowed hour (6:00 - 6:59), I can still access it from 7:00 onwards, when it is supposed to be blocked.

    I blocked Gmail using Web Filter. I also added an entry on web bypass cache.

    I tried installing different browsers and accessing Gmail just to make sure that it's not a browser problem.

  • #2
    Nothing to do with Web Cache.

    My guess is that since Gmail is accessed via HTTPS (encrypted), it may require HTTPS Inspector to reliably block it. Gmail web application also seems to keep a UDP session active which will not switch to the new policy rack until the session ends. I would try using HTTPS Inspector first.

    Last edited by jcoffin; 09-05-2015, 08:20 PM.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email [email protected]


    • #3
      Originally posted by jcoffin:
      Nothing to do with Web Cache.

      My guess is that since Gmail is accessed via HTTPS (encrypted), it may require HTTPS Inspector to reliably block it. Gmail web application also seems to keep a UDP session active which will not switch to the new policy rack until the session ends. I would try using HTTPS Inspector first.

      http://wiki.untangle.com/index.php/HTTPS_Inspector
      I have Default Rack and Open Gmail Rack.

      Should I implement the rules on https inspector on the default rack or gmail rack?


      • #4
        Both would need HTTPS Inspector. I imagine that Open Gmail Rack is a child of the Default rule. In that case if HTTPS inspector is in the default rack, then it is automatically included in the child rack of Open Gmail Rack.


        • #5
          Originally posted by jcoffin:
          Both would need HTTPS Inspector. I imagine that Open Gmail Rack is a child of the Default rule. In that case if HTTPS inspector is in the default rack, then it is automatically included in the child rack of Open Gmail Rack.
          Yup. Default Rack is the parent of Open Gmail Rack..

          Gonna test this around 2 days since I'm on vacation and I'll get back for results.

          Big thanks!


          • #6
            What, people are taking vacation?


            • #7
              Originally posted by jcoffin:
              What, people are taking vacation?
              I'm on vacation.

              So my rules on https inspector would be https certificate subject is *gmail*

              I'm not really knowledgeable on UTM so kindly bear with me


              • #8
                Originally posted by jcoffin:
                What, people are taking vacation?
                I'm with you, aren't 3 day weekends mandatory overtime for all in IT?
                Rob Sandling, BS:SWE, MCP, Microsoft Certified: Azure Administrator Associate
                NexgenAppliances.com
                Phone: 866-794-8879 x201
                Email: [email protected]


                • #9
                  I would not use HTTPS Inspector.
                  If your goal is just to block gmail/google, it will likely be fine with just SNI which will work fine unless you are using Windows XP, but you won't get pretty block pages.

                  I would troubleshoot why you can access gmail after the time you specified.
                  Are the sessions going to the correct rack? (Use the session viewer)
                  Are the old sessions still open? (Use the session viewer)
                  Is Web Filter doing the right thing? (Use the event log)

                  Every few minutes the existing sessions are checked against the policy manager rules.
                  If the session would now be on a different rack, it resets the session. This is so that long-lived sessions already assigned to a rack do not forever stay open when the "policy" has changed.
                  Last edited by dmorris; 09-07-2015, 02:03 PM.

                  Comment


                  • #10
                    Originally posted by dmorris:
                    I would not use HTTPS Inspector.
                    If your goal is just to block gmail/google, it will likely be fine with just SNI which will work fine unless you are using Windows XP, but you won't get pretty block pages.

                    I would troubleshoot why you can access gmail after the time you specified.
                    Are the sessions going to the correct rack? (Use the session viewer)
                    Are the old sessions still open? (Use the session viewer)
                    Is Web Filter doing the right thing? (Use the event log)

                    Every few minutes the existing sessions are checked against the policy manager rules.
                    If the session would now be on a different rack, it resets the session. This is so that long-lived sessions already assigned to a rack do not forever stay open when the "policy" has changed.
                    For Web Filter..

                    Gmail is blocked. When I access gmail on a workstation, it shows on event log that block = true

                    I try to allow gmail on purpose in web filter and access it on workstations, it also shows on event log that block = false

                    Once again, I blocked gmail in web filter and accessed gmail on a workstation. This time it didn't show on event log and I can access it.


                    For Session Viewers..

                    I don't see any information for my Open Gmail rack


                    • #11
                      Originally posted by justasking:
                      For Web Filter..

                      Gmail is blocked. When I access gmail on a workstation, it shows on event log that block = true

                      I try to allow gmail on purpose in web filter and access it on workstations, it also shows on event log that block = false

                      Once again, I blocked gmail in web filter and accessed gmail on a workstation. This time it didn't show on event log and I can access it.
                      You are just changing settings manually?
                      When you save settings, the new settings are only applied to new sessions. It won't reset existing SSL connections.
                      When a new web visit is processed, it will consult the new settings.


                      • #12
                        Originally posted by dmorris:
                        You are just changing settings manually?
                        When you save settings, the new settings are only applied to new sessions. It won't reset existing SSL connections.
                        When a new web visit is processed, it will consult the new settings.
                        I tried waiting for the time where gmail is allowed / blocked.

                        Once gmail is allowed (open gmail rack), it will be accessible for the whole time. Gmail is allowed for only an hour but it lasts more than an hour once I accessed it.


                        • #13
                          I would troubleshoot why you can access gmail after the time you specified.
                          Are the sessions going to the correct rack? (Use the session viewer)
                          Are the old sessions still open? (Use the session viewer)
                          Is Web Filter doing the right thing? (Use the event log)

                          edit: also if you are testing with chrome make sure to block UDP port 443 with the firewall.
                          Last edited by dmorris; 09-07-2015, 11:19 PM.


                          • #14
                            I would troubleshoot why you can access gmail after the time you specified.
                            Are the sessions going to the correct rack? (Use the session viewer)
                            - All workstations belong to Default Rack where GMAIL is blocked. I only open it on OPEN GMAIL rack. I can see a test workstation on the session viewer which is going to the right rack (default rack)

                            Are the old sessions still open? (Use the session viewer)
                            - Nope. By the time I refresh gmail, new sessions are established but the old sessions are gone

                            Is Web Filter doing the right thing? (Use the event log)
                            - I'm having a hard time regarding this. Should I see the test workstation on Default Rack Web Filter after the time specified, and see test workstations on OPEN GMail rack when gmail is allowed?

                            I can still access gmail outside the specified time, but I can't see it in event log (both Default and Open Gmail rack).


                            edit: also if you are testing with chrome make sure to block UDP port 443 with the firewall.
                            Already did this. No result


                            • #15
                              Great. It sounds like you verified that the sessions are in the correct rack with the session viewer.

                              What is in the event log?
                              If you want, just hit refresh and then use the filter in the dropdown in the "Client Address" column to only view events for the given test client.

                              What version are you using? It depends on what version you are using... the event logs work somewhat differently, but ultimately any web visits will appear in the event log.

                              edit: Also you are talking about *Web Filter* right? Web Filter Lite is an entirely different app. It does not process SSL.
                              Last edited by dmorris; 09-08-2015, 02:47 PM.