We have a school with a NS4600 installed in May. It has SSO enabled and separate Content Filtering Policies for each peer group.
We also have DPI-SSL set up.
It appears that students can get around the content filtering to Facebook and other social media and other types of sites by constantly refreshing their browser when the blocked page appears
They also have an issue where if they put the blocked url into google translate then they can circumnavigate the filtering and reach the site.
it seems that the number of DPI-SSL sessions is being reached and then the firewall opens all new sessions with no filtering at all instead of dropping packets once the session limit is reached.
Has anyone else had this issue?