Content filter on ATP800 not working

Options
Pedroj
Pedroj Posts: 53  Ally Member
First Anniversary 10 Comments
in Security

Hello, the content filter seems to not be working correctly.
By blocking categories such as social networks or pornography, you can access it without problem.
I have also activated the DNS content filter and I can also access it even if it is in blocked categories.
Any idea what is happening?

1.PNG
2.PNG
3.PNG
4.PNG

«1

All Replies

  • PeterUK
    PeterUK Posts: 2,806  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited April 22
    Options

    Set “action when category server is unavailable” to block

    move rule to top of the list

    Might a VPN or proxy be in use by the client?

  • YanShadowGT
    YanShadowGT Posts: 5
    First Anniversary Friend Collector First Comment
    Options

    Hello Zyxel, what is happening, I have the same problem as of Wednesday, April 17, I thought it was some bad configuration of mine, but in the same way my USG1100 fails, the content filter does not work. I hope they resolve it soon. This problem only happens with Edge and Chrome, Firefox still respects the Content Filter

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 776  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Hi @Pedroj , @YanShadowGT ,

    Greeting Forum, Could you share your config file by Private message ?

    Thank you

  • WJS
    WJS Posts: 135  Ally Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Try to disable if you are using Chrome

    chrome://flags/#enable-tls13-kyber

    image.png

  • Pedroj
    Pedroj Posts: 53  Ally Member
    First Anniversary 10 Comments
    Options

    Hello, I don't understand very well, but this morning everything is working without changing settings?
    What can be the motive?

  • YanShadowGT
    YanShadowGT Posts: 5
    First Anniversary Friend Collector First Comment
    Options

    Hi @WJS

    Thank you for your support, you have solved the problem with the content filter, I hope Zyxel solves this incompatibility with this TLS 1.3 encryption. Since Google says that this option will be temporary and will not allow it to be disabled in future versions.Thank you again!!!

  • electsystech
    electsystech Posts: 25  Freshman Member
    First Anniversary 10 Comments Friend Collector
    Options

    We found the same problem on the Zyxel USG310 and USG Flex 50 routers. I didn't test any other models yet, these are the ones that we had reports that the content filter isn't working on. I'm guessing we have over a 100 routers with content filter subscription on them. So we need an update to fix this as trying to disable TLS 1.3 on each computer at every company is not a practical solution.

  • PeterUK
    PeterUK Posts: 2,806  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited April 24
    Options

    Even if Zyxel fix the problem it may only be for current models and not EOL ones

    The DNS Content filter should work if you don't use dns over HTTPS

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 776  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Hi @electsystech

    We're aware of the issue from TLS1.3 Kyber,

    We're working on it.

    Thank you

  • electsystech
    electsystech Posts: 25  Freshman Member
    First Anniversary 10 Comments Friend Collector
    edited April 25
    Options

    We sent a request into Zyxel to have HQ look into this. The content filter policies and DNS content are no longer working. This is a significant problem and hopefully a router firmware patch can be released quickly.

Categories

Security Highlight


Read more

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)