URL filtering - only custom white list allowed

nubira
nubira Posts: 14

We are using a USG FLEX 500 and we want to set up a white list based URL filtering on specific client IPs. For example this is my white list:

*.tello.com
*.att.com
*.verizon.com

How can I configure the firewall so that only these addresses can be accessed from behind the IP address 192.168.0.50?

Thank you!

Accepted Solution

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 888  Zyxel Employee
    edited March 2023 Answer ✓

    Hi @nubira ,

    Please create a Web Content Filter profile and block all managed web pages.

    Navigate to Custom Service and allow those web sites only.

    Create a rule for source: 192.168.0.50. (Please remember to block UDP port 443 so that HTTPS sites can be identified.)

    Last, please also keep in mind that when connecting to a website, there may be many hyperlinks behind it, so the trusted site may display incompletely when you have the above settings.

    Thank you

All Replies

  • nubira
    nubira Posts: 14

    Hi Zyxel_Kevin!

    I tried it, but it doesn't work. I get this message:

    Thanks

  • electsystech
    electsystech Posts: 47  Freshman Member

    You need to add *verizon.com

    *tello.com

    *att.com

    You will have to watch the logs under Monitor>Logs>Category>Blocked Websites to see what else is being blocked. Like he said, there may be many other domains that have to be allowed for the site to work.
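
The two wildcard styles posted in this thread, compared on constructed hostnames. This is an added example, not code from the thread or from Zyxel. It assumes shell-style glob matching (the thread does not state the firewall's matching rules), and `DOMAINS`, `SAMPLE_HOSTS` and the function names are made up for illustration.

```python
from fnmatch import fnmatchcase

# Patterns as posted in the thread. Treating them as shell-style globs is an
# assumption; the thread does not state the firewall's matching rules.
DOTTED = ["*.tello.com", "*.att.com", "*.verizon.com"]
DOTLESS = ["*tello.com", "*att.com", "*verizon.com"]
DOMAINS = ["tello.com", "att.com", "verizon.com"]

# Constructed hostnames: the intended sites plus lookalikes and a third party.
SAMPLE_HOSTS = [
    "verizon.com", "www.verizon.com", "att.com", "www.att.com",
    "tello.com", "notverizon.com", "watt.com", "cdn.example.net",
]

def normalize(host):
    """Lower-case the name and drop whitespace and a trailing root dot."""
    return host.strip().lower().rstrip(".")

def glob_allowed(host, patterns):
    """True if any glob pattern matches the whole hostname."""
    return any(fnmatchcase(normalize(host), p) for p in patterns)

def strict_allowed(host, domains):
    """True only for the domain itself or a real subdomain of it."""
    h = normalize(host)
    return any(h == d or h.endswith("." + d) for d in domains)

def report(hosts):
    """Map each host to (dotted, dotless, strict) allow decisions."""
    return {h: (glob_allowed(h, DOTTED), glob_allowed(h, DOTLESS),
                strict_allowed(h, DOMAINS)) for h in hosts}

def overbroad(hosts):
    """Hosts the dot-less globs admit that are not under an intended domain."""
    return [h for h in hosts
            if glob_allowed(h, DOTLESS) and not strict_allowed(h, DOMAINS)]

if __name__ == "__main__":
    for host, (dotted, dotless, strict) in report(SAMPLE_HOSTS).items():
        print(f"{host:18} dotted={dotted!s:5} dotless={dotless!s:5} strict={strict}")
    print("review before allowing:", overbroad(SAMPLE_HOSTS))
```

Under that assumption the dotted form misses the bare domain, while the dot-less form also admits unrelated names that merely end in the same string, so each allow entry is worth checking against the Blocked Websites log rather than widened by default.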

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 888  Zyxel Employee

    Hi @nubira ,

    Please kindly check you've selected "Enable Custom Service".

    If the issue still persists, please share your config file by private message.

    Thank you

  • nubira
    nubira Posts: 14

    Hi @Zyxel_Kevin

    It works! Thanks!
    The solution is to change *.verizon.com to *.*verizon.com.

    Just one more question: how can I translate the whole Access Restricted page? System\Notification\Response Message does not contain the full text of the message.

    Thanks

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 888  Zyxel Employee

    Hi @nubira ,

    Thank you. The sub message will be only displayed in English.

    We can only change the wording of the message "Web access is restricted. Please contact the administrator."

    Please feel free to contact us if you still have concerns.

    Thank you
