The access logs show inconsistency with the action taken to supposedly blocked websites, and "Not match any rule" is logged as the Reason under the Action column.
For https traffic blocked by TMWS policy, the following access logs are recorded:
- ALLOW action for "CONNECT" request, with "Not match any rule" reason
- BLOCK action for https access
When accessing an HTTPS website via proxy, the client would send a "CONNECT" request. This request is used to create connection between the client & proxy, and proxy & original server. TMWS is not yet performing policy matching at this state therefore, “Not match any rule” is logged.
After connection is created, the actual requests for page data would be performed and the expected action would be taken based on the policy configure.
For roaming user, when TMWS received a "CONNECT" request, it would ask for authentication and then decrypt the actual data requests for authentication.
To verify that the website is indeed blocked, you can access it on the machine where the policy is applied.