ATP100 and URL Threat Filter

CommsCo
CommsCo Posts: 22  Freshman Member
First Comment Third Anniversary
Same problem but different kit to the thread:
https://community.zyxel.com/en/discussion/3106/nebula-spotify-connect-blocked-by-content-filtering

Unable to get Spotify and Denon kit to work unless I completely disable the URL Threat Filter.

Tried allowing the addresses in/out that show in the log but no luck.

202
2021-05-08 10:27:54
notice
Security Policy Control
Match default rule, DROP
 139.162.72.65:53310
 195.206.188.142:52133
udp
ACCESS BLOCK
203
2021-05-08 10:27:54
notice
Security Policy Control
Match default rule, DROP
 123.57.105.118:25054
 195.206.188.142:52133
udp
ACCESS BLOCK
204
2021-05-08 10:27:54
notice
Security Policy Control
Match default rule, DROP
 74.207.241.132:36300
 195.206.188.142:52133
udp
ACCESS BLOCK
205
2021-05-08 10:27:53
notice
Security Policy Control
Match default rule, DROP
 176.58.96.231:33313
 195.206.188.142:52133
udp
ACCESS BLOCK

All Replies

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,396  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments

    Hi @CommsCo,

    Since URL Threat Filter has no profile applied to security policy rule, you should check blocked logs in log category "URL Threat Filter" instead of "Security Policy Control"

    If the web access is restricted by URL Threat Filter, there should be Access Block logs in category "URL Threat Filter".

    1. Go to MONITOR >  Security Statistics > Reputation Filter and enable "Collect Statistics" and access the web site again. Please also give us the URL of the website.


    2. Check the list of URL Detected.


    3. Go to MONITOR > Log > View Log and select category "URL Threat Filter". Give us the screen shot of the block logs.


    See how you've made an impact in Zyxel Community this year!
    https://bit.ly/Your2024Moments_Community

  • CommsCo
    CommsCo Posts: 22  Freshman Member
    First Comment Third Anniversary
    Thanks, I will out of hours later, but this is a local IP address (my PC for instance) connecting to a Denon audio streamer, also on the same IP internal range.

    How come it all works on Android phones okay on the same network to the Denon kit?

    The three Denons are all hardwired, as is the PC. If I use the Android mobile on the WiFI of the same network, works everytime?


  • jasailafan
    jasailafan Posts: 193  Master Member
    5 Answers First Comment Friend Collector Sixth Anniversary
    Why are you so sure it is blocked by URL threat filter? There must be URL threat filter block logs if the your application is actually blocked by URL threat filter. Maybe it is blocked by other security services?
    You can try to disable all security services and enable them back one by one, and monitor which function blocks your application. In log, filter the logs by entering the client's IP address in "keyword" and check blocked logs of the client's IP address.
  • CommsCo
    CommsCo Posts: 22  Freshman Member
    First Comment Third Anniversary
    No luck, nothing logged, and before you ask, yes we are partners, run a shed load of ATP, USG etc, so know our way around them and have done the courses.
    I have done all the usual fault finding, updated firmware to 5 today, checked the previously installed USG Flex 100, and that does not stop Spotify working; only the ATP100 does.
    I think it is a bit more than just blocked URLs as I can un-enable "URL Blocking", leaving all the categories still ticked, then start Spotify, it starts working, then re-enable "URL Blocking" and Spotify continues working until the next reboot of the PC. 
    The ATP is blocking internal traffic and it should not be, as it works throughout and at anytime using say an Android mobile handset connected via a NWA1123-HD.
    Additionally, another PC and a Chromebook cannot get the Spotify to work on either wired or via the NWA unless I disable/re-enable the "URL Blocking".
    Have now go into the habit of starting my day by disabling/re-enabling "URL Blocking", then starting Spotify - daft when we put men on the Moon back in '69 - I watched that work on 64k of RAM !

Security Highlight