Scenario 12 - Block Https Web Site By Content Filter; Application Scenario; Configuration Guide - ZyXEL Communications ZyWALL USG Series Application Notes

Scenario 12 – Block HTTPS Websites by Content Filter
Introduction:
The Content Filter function can distinguish between websites by categories. Since the Content Filter does
not know that the traffic has already been encrypted, so the HTTPS websites cannot be detected. But now
can we use the "SSL Inspection" function to decrypt the packets, and then to block it.
After enabling the SSL inspection, clients only need to import the certificate generated by the USG,
because the USG has become a proxy to help to verify these HTTPS websites, so client only needs to trust
the USG.
After using the SSL inspect function, HTTPs traffic can detect it well by the Content Filter function.

12.1 Application Scenario

Block the search engine in the internal website.

12.2 Configuration Guide

(1) Create an object in SSL inspection function.
Go to Configuration > UTM Profile > SSL Inspection > Profile, and click on "Add" to add an SSL Inspection
object.
(2) Create a Content Filter object on the device.
Go to Configuration > UTM Profile > Content Filter > and click on "Add" to create a Content Filter profile.
74