How to block HTTPS websites by Domain Filter without
applying SSL Inspection
The Content Filter with HTTPs Domain Filter allows you to block HTTPs websites by
category service without SSL-Inspection. The filtering feature is based on more than 50
Managed Categories built in ZyWALL/USG such as pornography, gambling, hacking,
etc.
When user makes HTTPS request, the information contains a Server Name Indication
(SNI) extension fields in server FQDN. Using the SNI to query category from
Commtouch engine, then take action when it matches the block category in
Content Filter profile.
Figure 208 ZyWALL/USG Domain Filter Example
Note: All network IP addresses and subnet masks are used as examples in this
article. Please replace them with your actual network IP addresses and subnet
masks. This example was tested using USG310 (Firmware Version: 4.13)
www.zyxel.com
143/255