Everything Instant On

• The configuration for blocking the client traffic based on Web Classification is explained on the below post.
• https://community.arubainstanton.com/t5/Everything-Instant-On/How-to-block-traffic-by-web-category-on-InstanON-per-SSID/m-p/1012

• Let us consider an example, where News & Media being blocked on one of the Networks.

Blocking Network & Media Category

• The Clients connect to the Wireless Network and initiates multiple traffic based on the various Applications running on that Client Device.
• Initially, when a Client Device requests for a website, the AP will spoof the DNS request to see the website URL requested.
• The AP will check its cache to see if the requested URL is already categorized.
• If the AP does not have the category information for the URL requested by the Client Device, the AP will raise a request to https://aruba.brightcloud.com.
• AP uses HTTPS to reach aruba.brightcloud.com to categorize the websites requested by the Client Devices.
• It is hence not possible to capture the communication that happens inside the HTTPS traffic.

AP resolving IP address of aruba.brightcloud.com

AP communicating with brightcloud through HTTPS

• Until the web traffic categorized by aruba.brightcloud.com, the APs will categorize the Website as Unknown and the Clients will be able to access the websites.
• Once the AP receives the web classification for that website, and if the client traffic matches the blocked category, the APs will block the Client Traffic.

Access Denied

• If not, the AP will forward the client traffic to the Webserver and provide the Website requested by the Client Devices

Allow Access