In this tutorial, we’ll see how to set up https url filtering (SSL) without needing to decrypt and therefore deploy the stormshield certificate.
This solution does not display a blocking page, users will have a blank page.
Implementing https URL filtering
1. Log in to your Stormshield.
2. In the menu on the left, go to SECURITY POLICY 1 then SSL filtering 2 and click on Add rules by category 3.
3. All categories 1 on your Stormshield should be added to the filter policy.
4. You must now for each category 1, modify the action. To block, you must put the Block without decryting action and pass Pass without decryting.
5. Check that the last line is the category any 1. Depending on the desired policy, modify the action. Then click Apply 2 to save.
The filtering rules are read from top to bottom, if the category any is not the last, what is below is ignored.
6. Go to Filtering – NAT 1, add a new SSL inspection rule 2.
7. Configure source and destination 1, select the SSL profile you just made 2, and click Finish 3 to add the rules.
8. Two rules are created, you can see at the level of the first application filtering. Click Save and apply 1 to apply the changes.
Apply an antivirus scan is not useful, to perform the analysis must decrypt the SSL.