How to Configure Content Filter with HTTPs Domain Filter?

Zyxel_Jeff Posts: 1,066  Zyxel Employee
First Anniversary 10 Comments Friend Collector First Answer
edited November 2023 in Security Service

The Content Filter with HTTPs Domain Filter allows you to block HTTPs websites by

category service. The filtering feature is based on over 100 categories that is

built in USG Flex H such as pornography, gambling, hacking, etc.

When the user makes an HTTPS request, the information contains a Server Name Indication

(SNI) extension fields in server FQDN. Using the SNI to query category from local cache

then the cloud database, then take action when it matches the block category in the Content Filter profile.

USG Flex H with Scheduled YouTube Access Settings Example

Note: All network IP addresses and subnet masks are used as examples in this article. Please replace them with your actual network IP addresses and subnet masks. This example was tested using USG FLEX 500H (Firmware Version:uOS 1.10).

Set Up the Content Filter on the USG Flex H

In the USG Flex H, go to Security Service > Content Filtering > Profile Management > Add a Content Filter profile. Configure a Name for you to identify the Content Filter profile such as “Social_Networking”. Configure the Action to block when the Content Filter detects events.

Navigate to Test Web Site Category and type URL to test the category and click Query.

You will see the category recorded in the external content filter server’s database for both HTTP and HTTPS Domain you specified.

Scroll to the Managed Categories section, and select categories in this section to control access to specific types of Internet content.

Set Up the Security Policy on the USG Flex H

Go to Security Policy > Policy Control to configure a Name for you to identify the Security Policy profile. For From and To policies, select the direction of travel of packets to which the policy applies and apply the Profile > Content Filter “Social_Networking” on this security policy.

Test Result

Type the URL or onto the browser and cannot browse facebook, as below:

Navigate to Log & Report > Log / Events, you will see [alert] log of blocked messages.

What Could Go Wrong?

If you are not able to configure any Content Filter policies or it’s not working, there are two possible reasons:

You have not subscribed for the Web_Filtering service.

You have subscribed for the Web_Filtering service but the license is expired.

You can click the link from the Licensing > Registration screen of your Zyxel device’s Web GUI () to register license service or extend your Web_Filtering license on Zyxel Marketplace ().

Finally, go to the Licensing > Licenses and click the Refresh button to update the status and the Web_Filtering serviceshall be working.