You can associate a WebBlocker configuration with your HTTPS-proxy policy to allow or block websites based on the WebBlocker category.
In Fireware XTM OS v11.9.4 and higher, you can also choose the WebBlocker categories on which to perform content inspection, when content inspection is enabled for your HTTPS-proxy. The category list from your WebBlocker configuration shows categories that are allowed by WebBlocker, and you can select the categories to inspect. The Domain Names rules take precedence over WebBlocker actions. WebBlocker checks only occur when there is no Domain Rule match and the action to take if no rule is matched is Allow.
For more information about Domain Names rules, see HTTPS-Proxy: Domain Names.
In Fireware XTM OS v11.9.3 and lower, the ability to allow or deny sites based on your WebBlocker configuration only applies to traffic that is not content inspected.
On the HTTPS Proxy Action Configuration page:
For more information, see About WebBlocker.
About Proxy Policies and ALGs
About the HTTPS-Proxy