Content filter on ATP800 not working

Pedroj
Pedroj Posts: 57  Ally Member
First Comment Sixth Anniversary
in Security

Hello, the content filter seems to not be working correctly.
By blocking categories such as social networks or pornography, you can access it without problem.
I have also activated the DNS content filter and I can also access it even if it is in blocked categories.
Any idea what is happening?

1.PNG
2.PNG
3.PNG
4.PNG

«1

All Replies

  • PeterUK
    PeterUK Posts: 3,569  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited April 2024

    Set “action when category server is unavailable” to block

    move rule to top of the list

    Might a VPN or proxy be in use by the client?

  • YanShadowGT
    YanShadowGT Posts: 15  Freshman Member
    First Comment Friend Collector Fourth Anniversary

    Hello Zyxel, what is happening, I have the same problem as of Wednesday, April 17, I thought it was some bad configuration of mine, but in the same way my USG1100 fails, the content filter does not work. I hope they resolve it soon. This problem only happens with Edge and Chrome, Firefox still respects the Content Filter

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 898  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 500 Comments

    Hi @Pedroj , @YanShadowGT ,

    Greeting Forum, Could you share your config file by Private message ?

    Thank you

  • WJS
    WJS Posts: 156  Master Member
    5 Answers First Comment Friend Collector Third Anniversary

    Try to disable if you are using Chrome

    chrome://flags/#enable-tls13-kyber

    image.png

  • Pedroj
    Pedroj Posts: 57  Ally Member
    First Comment Sixth Anniversary

    Hello, I don't understand very well, but this morning everything is working without changing settings?
    What can be the motive?

  • YanShadowGT
    YanShadowGT Posts: 15  Freshman Member
    First Comment Friend Collector Fourth Anniversary

    Hi @WJS

    Thank you for your support, you have solved the problem with the content filter, I hope Zyxel solves this incompatibility with this TLS 1.3 encryption. Since Google says that this option will be temporary and will not allow it to be disabled in future versions.Thank you again!!!

  • electsystech
    electsystech Posts: 50  Ally Member
    First Answer First Comment Friend Collector Fifth Anniversary

    We found the same problem on the Zyxel USG310 and USG Flex 50 routers. I didn't test any other models yet, these are the ones that we had reports that the content filter isn't working on. I'm guessing we have over a 100 routers with content filter subscription on them. So we need an update to fix this as trying to disable TLS 1.3 on each computer at every company is not a practical solution.

  • PeterUK
    PeterUK Posts: 3,569  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited April 2024

    Even if Zyxel fix the problem it may only be for current models and not EOL ones

    The DNS Content filter should work if you don't use dns over HTTPS

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 898  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 500 Comments

    Hi @electsystech

    We're aware of the issue from TLS1.3 Kyber,

    We're working on it.

    Thank you

  • electsystech
    electsystech Posts: 50  Ally Member
    First Answer First Comment Friend Collector Fifth Anniversary
    edited April 2024

    We sent a request into Zyxel to have HQ look into this. The content filter policies and DNS content are no longer working. This is a significant problem and hopefully a router firmware patch can be released quickly.

Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)