Hello,
I would like to inform you that earlier the behaviour of UTM with HTTPS traffic/websites was not consistent becasue we used to send IP address for resolution and since the DNS IP of the HTTPS site might be different than that of the the Websense Server Database. If the IP resolves to something else, it may not match the DB and web filtering may not match it and cannot return correct category for it and hence it got allowed thorugh the SRX. For more information on why IP addresses were sent for HTTPS sites please refer the below KB article:
http://kb.juniper.net/InfoCenter/index?page=content&id=KB21940&actp=search
The ideal way to solve this was to not send IP addresses but send the URL instead directly to the Websense server so that it always resolves to correct category and send that category to SRX and then SRX decides on how to treat with the traffic.
Now the good news is that from the latest versions this is happening as the EWF now sends the URL for the HTTPS websites instead of the IP addresses and hence the UTM for HTTPS websites should be more consistent now. This behaviour change has happened from version 12.3X48-D25. For more information please refer the following document:-
Thanks,
Pulkit Bhandari
Please mark my response as Solution Accepted if it Helps, Kudos are Appreciated too. Image may be NSFW.
Clik here to view.
