Sophos UTM Policy Tester Shows Incorrect Result

The Web Protection policy tester displays an incorrect result in the following case:

– A domain such as www.youtube.com is blocked

– A page on that domain such as https://www.youtube.com/watch?v=1234567 is allowed

The policy tester will show the URL is allowed, but if a client actually tries to browse directly to it, they will be blocked.

The client is blocked because, when browsing to that URL, the browser first tries to open an SSL CONNECT tunnel to www.youtube.com, and that request is blocked. The CONNECT request carries only the host name and port, so the client never gets the chance to request the actual URL. This occurs regardless of whether Decrypt & Scan is enabled.
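The mismatch can be reproduced with a small model, added here as an illustration and not taken from Sophos code: the tester evaluates the full URL once, while real HTTPS traffic is evaluated at the CONNECT request first. The rule sets, function names and the exception-before-block ordering are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Constructed rules mirroring the case above: domain blocked, one page allowed.
BLOCKED_DOMAINS = {"www.youtube.com"}
ALLOWED_URLS = {"https://www.youtube.com/watch?v=1234567"}


def evaluate(host, full_url=None):
    """Return 'allow' or 'block' for one request as the filter sees it.

    full_url is None when only the host is visible (a CONNECT request).
    """
    if full_url is not None and full_url in ALLOWED_URLS:
        return "allow"          # page-level exception needs the full URL
    if host in BLOCKED_DOMAINS:
        return "block"          # domain-level block
    return "allow"


def policy_tester(url):
    """Hypothetical model of the tester: one check against the full URL."""
    return evaluate(urlsplit(url).hostname, url)


def browser_via_proxy(url):
    """Hypothetical model of real traffic: (request, verdict) in send order."""
    parts = urlsplit(url)
    steps = []
    if parts.scheme == "https":
        # The tunnel request carries only host:port, never the path or query.
        verdict = evaluate(parts.hostname, None)
        steps.append((f"CONNECT {parts.hostname}:{parts.port or 443}", verdict))
        if verdict == "block":
            return steps        # tunnel refused, so the GET is never sent
    target = parts.path + (f"?{parts.query}" if parts.query else "")
    steps.append((f"GET {target}", evaluate(parts.hostname, url)))
    return steps


if __name__ == "__main__":
    url = "https://www.youtube.com/watch?v=1234567"
    print("policy tester:", policy_tester(url))
    for request, verdict in browser_via_proxy(url):
        print(f"{request} -> {verdict}")
```

When validating a rule set like this, test the host-only CONNECT stage as well as the full URL, since the tester result alone does not show what the client will experience.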





Duncan Newell

Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.
