How to Configure Content Filter with HTTPs Domain Filter?
The Content Filter with HTTPs Domain Filter allows you to block HTTPs websites by
category service. The filtering feature is based on over 100 categories that is
built in USG Flex H such as pornography, gambling, hacking, etc.
When the user makes an HTTPS request, the information contains a Server Name Indication
(SNI) extension fields in server FQDN. Using the SNI to query category from local cache
then the cloud database, then take action when it matches the block category in the Content Filter profile.
USG Flex H with Scheduled YouTube Access Settings Example
Note: All network IP addresses and subnet masks are used as examples in this article. Please replace them with your actual network IP addresses and subnet masks. This example was tested using USG FLEX 500H (Firmware Version:uOS 1.10).
Set Up the Content Filter on the USG Flex H
In the USG Flex H, go to Security Service > Content Filtering > Profile Management > Add a Content Filter profile. Configure a Name for you to identify the Content Filter profile such as “Social_Networking”. Configure the Action to block when the Content Filter detects events.
Navigate to Test Web Site Category and type URL to test the category and click Query.
You will see the category recorded in the external content filter server’s database for both HTTP and HTTPS Domain you specified.
Scroll to the Managed Categories section, and select categories in this section to control access to specific types of Internet content.
Set Up the Security Policy on the USG Flex H
Go to Security Policy > Policy Control to configure a Name for you to identify the Security Policy profile. For From and To policies, select the direction of travel of packets to which the policy applies and apply the Profile > Content Filter “Social_Networking” on this security policy.
Test Result
Type the URL http://www.facebook.com/ or https://www.facebook.com/ onto the browser and cannot browse facebook, as below:
Navigate to Log & Report > Log / Events, you will see [alert] log of blocked messages.
What Could Go Wrong?
If you are not able to configure any Content Filter policies or it’s not working, there are two possible reasons:
You have not subscribed for the Web_Filtering service.
You have subscribed for the Web_Filtering service but the license is expired.
You can click the link from the Licensing > Registration screen of your Zyxel device’s Web GUI () to register license service or extend your Web_Filtering license on Zyxel Marketplace ().
Finally, go to the Licensing > Licenses and click the Refresh button to update the status and the Web_Filtering serviceshall be working.
See how you've made an impact in Zyxel Community this year!
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 146 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 249 USG FLEX H Series
- 269 Security Ideas
- 1.4K Switch
- 72 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 386 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 84 About Community
- 73 Security Highlight