URL filtering - only custom white list allowed

nubira
nubira Posts: 14
First Comment Friend Collector Second Anniversary
in Security

We are using a USG FLEX 500 and we want to set up a white list based URL filtering on specific client IPs. For example this is my white list:

*.tello.com
*.att.com
*.verizon.com

How can I configure the firewall so that only these addresses can be accessed from behind the IP address 192.168.0.50.

Thank you!

Accepted Solution

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 885  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 500 Comments
    edited March 2023 Answer ✓

    Hi @nubira ,

    Please create a Web Content filter profile , Block all managed web pages.

    Image 70.png

    Navigate to Custom Service and allow those web sites only.

    Image 71.png

    Create a rule for source:192.168.0.50 . (Please remember block UDP 443 port to make HTTPS sites can be identified.)

    Image 72.png

    Last, please also remind that when connectiong to a website, there may be many Hyperlinks behind it, so it may cause the Trust site to display incompletely when you have above settings.

    Thank you

All Replies

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 885  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 500 Comments
    edited March 2023 Answer ✓

    Hi @nubira ,

    Please create a Web Content filter profile , Block all managed web pages.

    Image 70.png

    Navigate to Custom Service and allow those web sites only.

    Image 71.png

    Create a rule for source:192.168.0.50 . (Please remember block UDP 443 port to make HTTPS sites can be identified.)

    Image 72.png

    Last, please also remind that when connectiong to a website, there may be many Hyperlinks behind it, so it may cause the Trust site to display incompletely when you have above settings.

    Thank you

  • nubira
    nubira Posts: 14
    First Comment Friend Collector Second Anniversary

    Hi Zyxel_Kevin!

    I tried it, but it doesnt work. I get this message:

    kép.png

    Thanks

  • electsystech
    electsystech Posts: 46  Freshman Member
    First Comment Friend Collector Fifth Anniversary

    You need to add *verizon.com

    *tello.com

    *att.com

    You will have to watch the logs under Monitor>Logs>Category>Blocked Websites to see what else is being blocked. Like he said, there may be many other domains that have to be allowed for the site to work.

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 885  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 500 Comments

    Hi @nubira ,

    Please kindly check you've selected "Enable Custom Service"

    If the issue still please share your config file by private message.

    Screenshot 2023-03-28 213302.png

    Thank you

  • nubira
    nubira Posts: 14
    First Comment Friend Collector Second Anniversary

    Hi @Zyxel_Kevin

    it works! Thanks!
    The solution is change *.verzion.com to *.*verzion.com.

    Just one more question: how can I translate the whole Access Restricted page? System\Notification\Response Message not contain the full text of message.

    Thanks

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 885  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 500 Comments

    Hi @nubira ,

    Thank you. The sub message will be only displayed in English.

    We can only change wording of message "Web access is restricted. Please contact the administrator."

    Please feel free to contact us if still have concerns.

    Thank you

Categories

Security Highlight


Read more

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)