Views:

For https traffic blocked by TMWS policy, the following access logs are recorded:

  • ALLOW action for "CONNECT" request, with "Not match any rule" reason
  • BLOCK action for https access

When accessing an HTTPS website via proxy, the client would send a "CONNECT" request. This request is used to create connection between the client & proxy, and proxy & original server. TMWS is not yet performing policy matching at this state therefore, “Not match any rule” is logged.

 
The ALLOW action is expected for a root domain (e.g. https://www.facebook.com).
 

After connection is created, the actual requests for page data would be performed and the expected action would be taken based on the policy configure.

For roaming user, when TMWS received a "CONNECT" request, it would ask for authentication and then decrypt the actual data requests for authentication.

To verify that the website is indeed blocked, you can access it on the machine where the policy is applied.

Keywords: different actions taken by TMWS,discrepancy in actions applied by TMWS,conflicting actions by TMWS