Product

SSL/TLS Inspection & Sandbox

Turn on full HTTPS inspection at the secure gateway, and every URL path, form submission and downloaded file comes back into view. It adds the controls that DNS and SNI-level filtering can't reach: block a specific YouTube channel rather than the whole domain, strip malware from a download before it lands, detonate an unknown file in isolation and only pass it through if the verdict is clean.

What it does

Inspect inside HTTPS

The gateway terminates and re-encrypts each session using the school's certificate, so category, threat and policy rules apply to URL paths and payloads — not just hostnames. One-click toggle per school; flip back to SNI-only any time.

Block specific URLs, not just domains

Allow YouTube but block specific channels. Allow Reddit but block specific subreddits. Let students read news sites but block their embedded video players. Granular control that DNS can never give you.

Download scanning with ClamAV-grade signatures

Every file pulled through the gateway is inspected before it reaches the student. Malware, ransomware, unsafe attachments — blocked at the gateway, not on the device.

Sandbox suspicious files

Unknown executables and risky attachments are detonated in isolation — verdicts in seconds. Only files with a clean verdict are delivered.

Smart bypass list

Banking, healthcare and government services, and apps that use certificate pinning, are never inspected. They bypass automatically, so critical services keep working. Edit the list per school if something specific needs to be exempt.

Geo-blocking

Block traffic to or from selected countries to reduce exposure to high-risk regions. Logged separately for compliance review.

Who it's for

Schools dealing with sophisticated threats — ransomware, phishing kits, drive-by downloads — or needing URL-level controls that DNS can't provide.

Included in

Sovereign