How to check Content Filter service when it is not working as expected
Web Content Filtering Process
1. A user enters a URL into their web browser.
2. The user’s computer sends a DNS query for the URL
3. The DNS server returns an IP addresses for the URL.
4. The user’s web browser connects to the IP address.
5. The Web Content Filter detects an HTTP connection, and inspects the website send using Server Name Indication (SNI).
6. If the website contains prohibited material, the HTTP request is redirected to a block page.
Checking Flow
1. Check if you have blocked QUIC Protocol (UDP443) and put in the higher priority.
2. Check if the URL can be classified. If not, make sure firewall has the internet access or contact Zyxel Support.
3. Check if the option “Enable HTTPS Domain Filter for HTTPS traffic” is enabled.Select this check box to have the Zyxel Device block HTTPS web pages using the cloud category service. In an HTTPS connection, the Zyxel Device can extract the Server Name Indication (SNI) from a client request, check if it matches a category in the cloud content filter and then take appropriate action. The keyword match is for the domain name only.
4. Make sure you have disabled the Proxy setting on the endpoint such as OS, antivirus software and the browser. Please note that some browsers have their own proxy settings.
5. Capture the packets to check there is SNI which you want to manage.
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 145 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 239 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 384 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight