USG Flex: How to identify blocked websites by content filtering

Sébastien Posts: 41  Freshman Member
Hi everyone,

I have set up a content filter on all outgoing connections from LAN1 in Nebula for my USG Flex 100. It works properly but I don't know how to identify which websites have been blocked or not in the Event Log.



Categories have been selected in the "Custom" filtering rule.

When checking the FW logs, I can see this:

But the category Business is not blocked (not checked in the Custom rule). So why does it appear in the logs? There is no mention of whether it is blocked or not. And better, when a blocked site is identified, it also appears in the logs in the same manner. There is no way to see the difference between blocked and non-blocked websites...

One other question: what does SSI:N mean in the details of each log entry?

Thanks.

Sebastien

All Replies

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,249  Zyxel Employee
    Hi @"Sébastien"

    Could you enable "Invite Zyxel support as administrator" feature for us?
    You can find it on the path of Help -> Support request and enable it.



    Once you have done so, please send a private message to me and provide your organization and site name to us. We can check the configuration of this device.




  • FelixSchneider
    FelixSchneider Posts: 49  Freshman Member
    edited April 2023

    @Zyxel_Jeff
    Have the same problem…

    2023-04-14 22:26:23  Content Filter  10.0.100.69  23.41.180.219  de.imageservice.sky.com:Portal Sites  Rule_name:SF_Home_Filter  SSI:N (HTTPS Domain Filter)
    2023-04-14 22:26:22  Content Filter  10.0.100.69  92.122.21.92  init.sky.com:Portal Sites  Rule_name:SF_Home_Filter  SSI:N (HTTPS Domain Filter)
    2023-04-14 22:26:21  Content Filter  10.0.100.102  80.156.81.62  svc40.cdn.tv.telekom.net:Business  Rule_name:SF_Home_Filter  SSI:N (Content Filter)
    2023-04-14 22:26:21  Content Filter  10.0.100.69  104.102.50.128  graphql.ott.sky.com:Portal Sites  Rule_name:SF_Home_Filter  SSI:N (HTTPS Domain Filter)
    2023-04-14 22:26:20  Content Filter  10.0.100.69  104.81.4.215  id.sky.de:Entertainment  Rule_name:SF_Home_Filter  SSI:N (HTTPS Domain Filter)
    2023-04-14 22:26:19  Content Filter  10.0.100.69  23.63.125.191  auth.client.ott.sky.com:Portal Sites  Rule_name:SF_Home_Filter  SSI:N (HTTPS Domain Filter)
    2023-04-14 22:26:19  Content Filter  10.0.100.102  80.156.81.62  svc40.cdn.tv.telekom.net:Business  Rule_name:SF_Home_Filter  SSI:N (Content Filter)
    2023-04-14 22:26:18  Content Filter  10.0.100.102  80.156.81.62  svc40.cdn.tv.telekom.net:Business  Rule_name:SF_Home_Filter  SSI:N (Content Filter)
    2023-04-14 22:26:18  Content Filter  10.0.100.102  80.156.81.62  svc40.cdn.tv.telekom.net:Business  Rule_name:SF_Home_Filter  SSI:N (Content Filter)
    2023-04-14 22:26:18  Content Filter  10.0.100.69  88.221.218.88  persona-store.sky.com:Portal Sites  Rule_name:SF_Home_Filter  SSI:N (HTTPS Domain Filter)
    2023-04-14 22:26:17  Content Filter  10.0.100.102  80.156.81.62  svc40.cdn.tv.telekom.net:Business  Rule_name:SF_Home_Filter  SSI:N (Content Filter)
    2023-04-14 22:26:17  Content Filter  10.0.100.69  18.64.119.59  cmp.wowtv.de:Entertainment  Rule_name:SF_Home_Filter  SSI:N (HTTPS Domain Filter)
    2023-04-14 22:26:17  Content Filter  10.0.100.102  80.156.81.62  svc40.cdn.tv.telekom.net:Business  Rule_name:SF_Home_Filter  SSI:N (Content Filter)
    2023-04-14 22:26:17  Content Filter  10.0.100.102  80.156.81.62  svc40.cdn.tv.telekom.net:Business  Rule_name:SF_Home_Filter  SSI:N (Content Filter)
    2023-04-14 22:26:17  Content Filter  10.0.100.69  23.56.206.133  eu.api.atom.sky.com:Portal Sites  Rule_name:SF_Home_Filter  SSI:N (HTTPS Domain Filter)
    2023-04-14 22:26:17  Content Filter  10.0.100.69  18.66.2.33  gdpr-tcfv2.sp-prod.net:Content Server  Rule_name:SF_Home_Filter  SSI:N (HTTPS Domain Filter)
    2023-04-14 22:26:17  Content Filter  10.0.100.69  88.221.218.99  agg.oogwayintl.sky.com:Portal Sites  Rule_name:SF_Home_Filter  SSI:N (HTTPS Domain Filter)
    2023-04-14 22:26:16  Content Filter  10.0.100.69  142.250.186.42  safebrowsing.googleapis.com:Internet Services  Rule_name:SF_Home_Filter  SSI:N (HTTPS Domain Filter)

    Zyxel Support Access is available.

    Organisation: Familie Schneider

    Site: Home

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,249  Zyxel Employee

    Hi @FelixSchneider

    Thank you for sharing the screenshots with us. If we use the Content Filter profile on the security policy, the firewall can detect all DNS-related activity. If the firewall determines that the activity is in a blocked category, it will drop it. It's our current behavior. Additionally, if you see the message 'SSI:N,' it means that SSL inspection is not enabled. This message is the same as what we see on our on-premise firewall. Thanks.



  • FelixSchneider
    FelixSchneider Posts: 49  Freshman Member

    But why are Portal Sites blocked if they are not set in the Content Filter policy?
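Added example, not part of the thread and not Zyxel code: the entries posted above carry a category but no block or allow action, so this Python sketch parses them (columns separated or run together) and marks each with the verdict the profile implies, following the reply that traffic in a blocked category is dropped. Assumptions: the `blocked` set passed in (the thread does not list which categories are ticked), the function names, and the layout of the sample strings, which reuse three entries from the thread.

```python
import re
from collections import Counter
SAMPLE = [  # entries from the thread's log, one per string; the last with columns spaced
    "2023-04-14 22:26:20Content Filter10.0.100.69104.81.4.215id.sky.de:Entertainment"
    " Rule_name:SF_Home_Filter SSI:N (HTTPS Domain Filter)",
    "2023-04-14 22:26:21Content Filter10.0.100.10280.156.81.62svc40.cdn.tv.telekom.net:Business"
    " Rule_name:SF_Home_Filter SSI:N (Content Filter)",
    "2023-04-14 22:26:22  Content Filter  10.0.100.69  92.122.21.92  init.sky.com:Portal Sites"
    "  Rule_name:SF_Home_Filter  SSI:N (HTTPS Domain Filter)",
]

LINE = re.compile(
    r"^(?P<time>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s*Content Filter\s*"
    r"(?P<ips>[\d.]+(?:\s+[\d.]+)?)\s*(?P<host>[A-Za-z][\w.-]*):(?P<category>.+?)\s+"
    r"Rule_name:(?P<rule>\S+)\s+SSI:(?P<ssi>\w+) \((?P<engine>[^)]+)\)$"
)

def valid_ipv4(text):
    parts = text.split(".")
    return len(parts) == 4 and all(
        p.isdigit() and str(int(p)) == p and int(p) <= 255 for p in parts)

def split_ips(text):
    """Return (src, dst) for two IPv4 addresses, space-separated or printed fused."""
    parts = text.split()
    pairs = [tuple(parts)] if len(parts) == 2 else [
        (text[:i], text[i:]) for i in range(7, len(text) - 6)]
    pairs = [p for p in pairs if valid_ipv4(p[0]) and valid_ipv4(p[1])]
    if len(pairs) != 1:  # refuse to guess when zero or several splits are valid
        raise ValueError(f"cannot split address pair: {text!r}")
    return pairs[0]

def parse(line, blocked):
    """Parse one entry and attach the verdict the profile implies for its category."""
    m = LINE.match(line.strip())
    if m is None:
        raise ValueError(f"not a Content Filter entry: {line!r}")
    entry = m.groupdict()
    entry["src"], entry["dst"] = split_ips(entry.pop("ips"))
    # No action field in the entry; per the reply above, blocked categories are dropped.
    entry["expected"] = "drop" if entry["category"] in blocked else "pass"
    return entry

def summarize(lines, blocked):
    return Counter((e["category"], e["expected"]) for e in (parse(l, blocked) for l in lines))

if __name__ == "__main__":
    for key, n in summarize(SAMPLE, {"Entertainment"}).items():  # assumed blocked set
        print(key, n)
```

The `expected` value is derived from the profile, not observed: an entry marked `pass` for a site that was in fact unreachable, as reported here for Portal Sites, is the mismatch to take to support.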
