USG Flex : How to identify blocked websites by content filtering

Sébastien
Sébastien Posts: 41
First Comment Friend Collector Third Anniversary
 Freshman Member
Hi everyone,

I have set up a content filter on all outgoing connections from LAN1 in Nebula for my USG Flex 100. It works properly but I don't know how to identify which websites have been blocked or not in the Event Log.



Categories have been selected in the "Custom" filtering rule.

When checking the FW logs, I can see this :


But the category Business is not blocked (not checked in the Custom rule). So why  does it appear in the logs ? There is no mention if it is blocked or not. And better, when a blocked site is identified it also appears in the logs in the same manner. There is no way to see the difference between blocked or not websites...

One other question : what does SSI:N mean in the details of each log entry ?

Thanks.

Sebastien

All Replies

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 848
    50 Answers 500 Comments Friend Collector Second Anniversary
     Zyxel Employee
    Hi @"Sébastien"

    Could you enable "Invite Zyxel support as administrator" feature for us?
    You can find it on the path of Help -> Support request and enable it.



    Once you have done, please send a private message to me and provide your organization and site name to us. We can check the configuration of this device. 


  • FelixSchneider
    FelixSchneider Posts: 35
    First Comment Friend Collector Second Anniversary
     Freshman Member
    edited April 14

    @Zyxel_Jeff
    Have the same problem…

    2023-04-14 22:26:23Content Filter10.0.100.6923.41.180.219de.imageservice.sky.com:Portal Sites

    Rule_name:SF_Home_Filter

    SSI:N (HTTPS Domain Filter)

    2023-04-14 22:26:22Content Filter10.0.100.6992.122.21.92init.sky.com:Portal Sites

    Rule_name:SF_Home_Filter

    SSI:N (HTTPS Domain Filter)

    2023-04-14 22:26:21Content Filter10.0.100.10280.156.81.62svc40.cdn.tv.telekom.net:Business

    Rule_name:SF_Home_Filter

    SSI:N (Content Filter)

    2023-04-14 22:26:21Content Filter10.0.100.69104.102.50.128graphql.ott.sky.com:Portal Sites

    Rule_name:SF_Home_Filter

    SSI:N (HTTPS Domain Filter)

    2023-04-14 22:26:20Content Filter10.0.100.69104.81.4.215id.sky.de:Entertainment

    Rule_name:SF_Home_Filter

    SSI:N (HTTPS Domain Filter)

    2023-04-14 22:26:19Content Filter10.0.100.6923.63.125.191auth.client.ott.sky.com:Portal Sites

    Rule_name:SF_Home_Filter

    SSI:N (HTTPS Domain Filter)

    2023-04-14 22:26:19Content Filter10.0.100.10280.156.81.62svc40.cdn.tv.telekom.net:Business

    Rule_name:SF_Home_Filter

    SSI:N (Content Filter)

    2023-04-14 22:26:18Content Filter10.0.100.10280.156.81.62svc40.cdn.tv.telekom.net:Business

    Rule_name:SF_Home_Filter

    SSI:N (Content Filter)

    2023-04-14 22:26:18Content Filter10.0.100.10280.156.81.62svc40.cdn.tv.telekom.net:Business

    Rule_name:SF_Home_Filter

    SSI:N (Content Filter)

    2023-04-14 22:26:18Content Filter10.0.100.6988.221.218.88persona-store.sky.com:Portal Sites

    Rule_name:SF_Home_Filter

    SSI:N (HTTPS Domain Filter)

    2023-04-14 22:26:17Content Filter10.0.100.10280.156.81.62svc40.cdn.tv.telekom.net:Business

    Rule_name:SF_Home_Filter

    SSI:N (Content Filter)

    2023-04-14 22:26:17Content Filter10.0.100.6918.64.119.59cmp.wowtv.de:Entertainment

    Rule_name:SF_Home_Filter

    SSI:N (HTTPS Domain Filter)

    2023-04-14 22:26:17Content Filter10.0.100.10280.156.81.62svc40.cdn.tv.telekom.net:Business

    Rule_name:SF_Home_Filter

    SSI:N (Content Filter)

    2023-04-14 22:26:17Content Filter10.0.100.10280.156.81.62svc40.cdn.tv.telekom.net:Business

    Rule_name:SF_Home_Filter

    SSI:N (Content Filter)

    2023-04-14 22:26:17Content Filter10.0.100.6923.56.206.133eu.api.atom.sky.com:Portal Sites

    Rule_name:SF_Home_Filter

    SSI:N (HTTPS Domain Filter)

    2023-04-14 22:26:17Content Filter10.0.100.6918.66.2.33gdpr-tcfv2.sp-prod.net:Content Server

    Rule_name:SF_Home_Filter

    SSI:N (HTTPS Domain Filter)

    2023-04-14 22:26:17Content Filter10.0.100.6988.221.218.99agg.oogwayintl.sky.com:Portal Sites

    Rule_name:SF_Home_Filter

    SSI:N (HTTPS Domain Filter)

    2023-04-14 22:26:16Content Filter10.0.100.69142.250.186.42safebrowsing.googleapis.com:Internet Services

    Rule_name:SF_Home_Filter

    SSI:N (HTTPS Domain Filter)

    Zyxel Support Access is available.

    Organisation: Familie Schneider

    Site: Home

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 848
    50 Answers 500 Comments Friend Collector Second Anniversary
     Zyxel Employee

    Hi @FelixSchneider

    Thank you for sharing the screenshots with us. If we use the Content Filter profile on the security policy, the firewall can detect all DNS-related activity. If the firewall determines that the activity is in a blocked category, it will drop it. It's our current behavior. Additionally, if you see the message 'SSI:N,' it means that SSL inspection is not enabled. This message is the same as what we see on our on-premise firewall. Thanks.

  • FelixSchneider
    FelixSchneider Posts: 35
    First Comment Friend Collector Second Anniversary
     Freshman Member

    But why are Portal Sites blocked if they are not set in the Content Filter policy.

Nebula Tips & Tricks