How to Configure Content Filter with HTTPs Domain Filter?
Zyxel Employee
The Content Filter with HTTPs Domain Filter allows you to block HTTPs websites by
category service. The filtering feature is based on over 100 categories that is
built in USG Flex H such as pornography, gambling, hacking, etc.
When the user makes an HTTPS request, the information contains a Server Name Indication
(SNI) extension fields in server FQDN. Using the SNI to query category from local cache
then the cloud database, then take action when it matches the block category in the Content Filter profile.
USG Flex H with Scheduled YouTube Access Settings Example
Note: All network IP addresses and subnet masks are used as examples in this article. Please replace them with your actual network IP addresses and subnet masks. This example was tested using USG FLEX 500H (Firmware Version:uOS 1.10).
Set Up the Content Filter on the USG Flex H
In the USG Flex H, go to Security Service > Content Filtering > Profile Management > Add a Content Filter profile. Configure a Name for you to identify the Content Filter profile such as “Social_Networking”. Configure the Action to block when the Content Filter detects events.
Navigate to Test Web Site Category and type URL to test the category and click Query.
You will see the category recorded in the external content filter server’s database for both HTTP and HTTPS Domain you specified.
Scroll to the Managed Categories section, and select categories in this section to control access to specific types of Internet content.
Set Up the Security Policy on the USG Flex H
Go to Security Policy > Policy Control to configure a Name for you to identify the Security Policy profile. For From and To policies, select the direction of travel of packets to which the policy applies and apply the Profile > Content Filter “Social_Networking” on this security policy.
Test Result
Type the URL http://www.facebook.com/ or https://www.facebook.com/ onto the browser and cannot browse facebook, as below:
Navigate to Log & Report > Log / Events, you will see [alert] log of blocked messages.
What Could Go Wrong?
If you are not able to configure any Content Filter policies or it’s not working, there are two possible reasons:
You have not subscribed for the Web_Filtering service.
You have subscribed for the Web_Filtering service but the license is expired.
You can click the link from the Licensing > Registration screen of your Zyxel device’s Web GUI () to register license service or extend your Web_Filtering license on Zyxel Marketplace ().
Finally, go to the Licensing > Licenses and click the Refresh button to update the status and the Web_Filtering serviceshall be working.
Categories
- All Categories
- 396 Beta Program
- 2.1K Nebula
- 117 Nebula Ideas
- 81 Nebula Status and Incidents
- 5.1K Security
- 86 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 916 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 211 Service & License
- 337 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 2K FAQ
- 912 Nebula FAQ
- 419 Security FAQ
- 237 Switch FAQ
- 207 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 139 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 72 About Community
- 62 Security Highlight