USG Flex : How to identify blocked websites by content filtering
I have set up a content filter on all outgoing connections from LAN1 in Nebula for my USG Flex 100. It works properly but I don't know how to identify which websites have been blocked or not in the Event Log.
Categories have been selected in the "Custom" filtering rule.
When checking the FW logs, I can see this :
But the category Business is not blocked (not checked in the Custom rule). So why does it appear in the logs ? There is no mention if it is blocked or not. And better, when a blocked site is identified it also appears in the logs in the same manner. There is no way to see the difference between blocked or not websites...
One other question : what does SSI:N mean in the details of each log entry ?
Thanks.
Sebastien
All Replies
-
You can find it on the path of Help -> Support request and enable it.
Once you have done, please send a private message to me and provide your organization and site name to us. We can check the configuration of this device.See how you've made an impact in Zyxel Community this year!
0 -
@Zyxel_Jeff
Have the same problem…2023-04-14 22:26:23Content Filter10.0.100.6923.41.180.219de.imageservice.sky.com:Portal Sites
Rule_name:SF_Home_Filter
SSI:N (HTTPS Domain Filter)
2023-04-14 22:26:22Content Filter10.0.100.6992.122.21.92init.sky.com:Portal Sites
Rule_name:SF_Home_Filter
SSI:N (HTTPS Domain Filter)
2023-04-14 22:26:21Content Filter10.0.100.10280.156.81.62svc40.cdn.tv.telekom.net:Business
Rule_name:SF_Home_Filter
SSI:N (Content Filter)
2023-04-14 22:26:21Content Filter10.0.100.69104.102.50.128graphql.ott.sky.com:Portal Sites
Rule_name:SF_Home_Filter
SSI:N (HTTPS Domain Filter)
2023-04-14 22:26:20Content Filter10.0.100.69104.81.4.215id.sky.de:Entertainment
Rule_name:SF_Home_Filter
SSI:N (HTTPS Domain Filter)
2023-04-14 22:26:19Content Filter10.0.100.6923.63.125.191auth.client.ott.sky.com:Portal Sites
Rule_name:SF_Home_Filter
SSI:N (HTTPS Domain Filter)
2023-04-14 22:26:19Content Filter10.0.100.10280.156.81.62svc40.cdn.tv.telekom.net:Business
Rule_name:SF_Home_Filter
SSI:N (Content Filter)
2023-04-14 22:26:18Content Filter10.0.100.10280.156.81.62svc40.cdn.tv.telekom.net:Business
Rule_name:SF_Home_Filter
SSI:N (Content Filter)
2023-04-14 22:26:18Content Filter10.0.100.10280.156.81.62svc40.cdn.tv.telekom.net:Business
Rule_name:SF_Home_Filter
SSI:N (Content Filter)
2023-04-14 22:26:18Content Filter10.0.100.6988.221.218.88persona-store.sky.com:Portal Sites
Rule_name:SF_Home_Filter
SSI:N (HTTPS Domain Filter)
2023-04-14 22:26:17Content Filter10.0.100.10280.156.81.62svc40.cdn.tv.telekom.net:Business
Rule_name:SF_Home_Filter
SSI:N (Content Filter)
2023-04-14 22:26:17Content Filter10.0.100.6918.64.119.59cmp.wowtv.de:Entertainment
Rule_name:SF_Home_Filter
SSI:N (HTTPS Domain Filter)
2023-04-14 22:26:17Content Filter10.0.100.10280.156.81.62svc40.cdn.tv.telekom.net:Business
Rule_name:SF_Home_Filter
SSI:N (Content Filter)
2023-04-14 22:26:17Content Filter10.0.100.10280.156.81.62svc40.cdn.tv.telekom.net:Business
Rule_name:SF_Home_Filter
SSI:N (Content Filter)
2023-04-14 22:26:17Content Filter10.0.100.6923.56.206.133eu.api.atom.sky.com:Portal Sites
Rule_name:SF_Home_Filter
SSI:N (HTTPS Domain Filter)
2023-04-14 22:26:17Content Filter10.0.100.6918.66.2.33gdpr-tcfv2.sp-prod.net:Content Server
Rule_name:SF_Home_Filter
SSI:N (HTTPS Domain Filter)
2023-04-14 22:26:17Content Filter10.0.100.6988.221.218.99agg.oogwayintl.sky.com:Portal Sites
Rule_name:SF_Home_Filter
SSI:N (HTTPS Domain Filter)
2023-04-14 22:26:16Content Filter10.0.100.69142.250.186.42safebrowsing.googleapis.com:Internet Services
Rule_name:SF_Home_Filter
SSI:N (HTTPS Domain Filter)
Zyxel Support Access is available.
Organisation: Familie Schneider
Site: Home
0 -
Thank you for sharing the screenshots with us. If we use the Content Filter profile on the security policy, the firewall can detect all DNS-related activity. If the firewall determines that the activity is in a blocked category, it will drop it. It's our current behavior. Additionally, if you see the message 'SSI:N,' it means that SSL inspection is not enabled. This message is the same as what we see on our on-premise firewall. Thanks.
See how you've made an impact in Zyxel Community this year!
0 -
But why are Portal Sites blocked if they are not set in the Content Filter policy.
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 147 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight