Why doesn't Content filter block adobe.com on USG20-VPN?

Have a customer with a USG20-VPN with content filter subscription. They have computers on a strict whitelist only policy. There's only 24 websites on their Trusted Websites. Putting *adobe.com and *.adobe.com in the Forbidden sites doesn't block it either. I also setup the same content policy with DNS content and there's no change. We are blocking the QUIC protocol, UDP ports 80 and 443. The only I was able to get it blocked was to do a ping to adobe.com and then setup a policy to block all those ip addresses. I updated the router to the latest 5.31 firmware.

I tested blocking adobe.com on our site here on a VPN 100 router and it blocked it as expected. What's the difference?

All Replies

  • Zyxel_Emily
    Zyxel_Emily Posts: 929
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 500 Comments
     Guru Member
    edited September 23
    USG20-VPN with 5.31(ABAQ.0) can block adobe successfully. Here are the configuration and result for your reference. If it is still not working on your USG20-VPN, please share the startup-config.conf with me in private message.  :)

    1. Add a new CF profile. Enable "Enable HTTPS Domain Filter for HTTPS traffic".

    2. In Custom Service, add adobe in forbidden web sites. Enable the option "Enable Custom Service".

    3. Apply the profile to security policy rule. In this example, we apply this profile to the rule LAN1_Outgoing.


    Test Result:


  • PM sent with config file.
  • PeterUK
    PeterUK Posts: 1,450
    50 Answers 1000 Comments Friend Collector Fifth Anniversary
     Guru Member

    Maybe DNS over HTTPS?


  • Zyxel_Emily
    Zyxel_Emily Posts: 929
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 500 Comments
     Guru Member
    In your configuration file, "adobe" is not on the list of forbidden list no matter in Custom Service of profile or Common Forbidden Web Sites.
    Actually, your CF profile blocks almost all internet access. I also tried to access adobe.com and it is blocked. Could you check the configuration again?  :)

Security Highlight