[ATP/FLEX] How to block Web-Proxy on Nebula

Zyxel_Jeff
Zyxel_Jeff Posts: 1,316  Zyxel Employee
100 Answers 500 Comments Friend Collector Fourth Anniversary
edited August 2023 in Security Service

The user might use the Web-Proxy tool(such as steganos) to bypass Content Filter's category inspection. This article will guide you on how to use security policies to block this behavior.

web-proxy-google.png

Configuration steps:

Navigate to Configure > Firewall > Security policy to set the Action set to Deny and configure the Web-Proxy URLs that you would like to block on the Destination field. This will allow you to effectively block those Web-Proxy URLs.

security policies.png

Furthermore, you can utilize the DNS/URL Threat Filter to prevent access to Proxy-related websites through the Anonymizers category or by adding the URL to the block list.

DNS Threat Filter settings -2.png

Test Result

Attempt access to the Web-Proxy URL will result in an inability to connect.

cannot browse web-proxy.png

To verify this, navigate to Site-wide> Monitor > Firewall > Event log. You will observe dropped logs generated by the security policy.

event log.png

Blocked by the DNS/URL Threat Filter.

proxy site 1.png

The event log indicates that.

event log-DNS threat filter.png