Rules

The procedure for editing an SSL filter profile is as follows:

  1. Select a profile from the list of SSL filter profiles.
  2. The table of filters will then appear as well as a screen indicating errors.

NOTE
To set up a URL/SSL filter policy, you are advised to operate in blacklist mode, i.e., explicitly group the URL categories to be prohibited in a custom URL group. A URL/SSL filter rule will then be applied to this group with a block action. This rule must then be placed above the rule that allows all the other categories.

Possible operations

A multiple selection allows assigning the same action to several rules. Select several successive alarms using the Shift ñkey or individually by holding down the Ctrl key. You can also remove an item from an existing selection with the Ctrl key.

Some column titles have the icon . When you click on it, a menu appears and suggests assigning a setting to several selected rules (Status and Action).

EXAMPLE
Several lines can be deleted at the same time, by selecting them with the Ctrl key and pressing on Delete.

The available buttons are:

Add Inserts a line to be configured after the selected line.
Delete Deletes the selected line.
Move up Places the selected line before the line just above it.
Move down Places the selected line after the line just below it.
Cut Removes the selected line and moves it to the clipboard.
Copy Copies the selected line and moves it to the clipboard.
Paste Pastes the line from the clipboard above the selected line.
Add all predefined categories This button makes it possible to create as many filter rules as the number of URL categories in the selected URL base at once.
All rules created in this way are enabled and the associated action by default is Decrypt.
Clean up rules This button is useful for EWC SSL filter policies that were created before SNS version 4.3.24 LTSB, and which were migrated when the URL database provider was changed (SNS 4.3.24 LTSB or higher). It deletes rules using categories that no longer have an equivalent in the URL database of the current provider as of SNS version 4.3.24 LTSB.

Interactive features

Some operations listed in the taskbar can be performed by right-clicking on the table of filter rules:

  • Add,
  • Delete,
  • Cut,
  • Copy,
  • Paste.

The table

The table contains the following columns:

Status Status of the rule:
  • If Enabled, the rule is used for filtering.
  • If Disabled, the rule is not used for filtering. If this rule is disabled, the line will be grayed out in order to reflect this.

REMARK
The firewall will assess rules in their order of appearance on the screen: one by one from the top down. As soon as it comes across a rule that corresponds to the request, it will perform the specified action and stop there. This means that if the action specified in the rule corresponds to Block, all rules below it will also be set to Block.

Action Allows specifying the operation to perform:
  • If Pass without decrypting is specified, access to the requested CN will be allowed without a prior SSL analysis.
  • If Block without decrypting is specified, access to the requested CN will be denied, without any SSL analysis being applied. The connection will be shut down.
  • If Decrypt is specified, the protocol analysis will be applied to the decrypted traffic, as well as on the proxy, if a rule has been created for it.
URL-CN This action applies according to the value of this column. It may contain a group or URL category, as well as a group of certificate names.
Comments Comments relating to the rule.

Errors found in the SSL filter policy

The screen for editing SSL filter rules on the firewall has a rule compliance and coherence analyzer which warns the administrator when a rule inhibits another rule or if there is an error in a rule.

This analyzer groups errors during the creation of rules or incoherent rules.

Errors are displayed in the form of a list. By clicking on an error, the rule concerned will automatically be selected.