USG Flex 500 Content Filtering does not work
Hi,
We have been trying to configure Web Content Filtering to block social networking sites for default BPP profile but it does not seem to block. Even porn sites are being allowed access even though these have been default blocked in categories. Any suggestions on how to activate the blocking? Thanks.
Accepted Solution
-
You can use DNS Content Filter to block social networking.
In Security Service > Content Filter > DNS Content Filter, click the profile BPP and select "Social Networking".
Apply the DNS Content Filter profile "BPP" to both security policy rules.
- From LAN1 to any
- From LAN1 to ZyWALL
The website of facebook can be blocked by DNS Content Filter.
0
All Replies
-
Have you apply it to a policy control rule?
0 -
Hi PeterUK,
Yes, we applied it to a specific policy control rule but did not block still.
0 -
and the PC is not using a VPN or proxy?
another reason is the FLEX can't connect out to the Category server and so BPP is set to pass
does the Test Web Site Category work in BPP check?
0 -
The PC is not using VPN or proxy.
The Test Web Site Category seems to work well. It is able to determine the category of the web site correctly.
We noticed that some sites are being blocked on other categories like Job search but not Social Networking. Then we also noticed that it works on Edge but not on Chrome.
0 -
Check the whats my IP on both Edge and Chrome
testing here I can use Chrome and block facebook.com
you may need to block highest rule UDP 443
0 -
I get the same results of WhatsmyIP on both Edge and Chrome.
I already tried blocking UDP 443 and set as the highest rule.
And still the same results.
0 -
Both the browser and website support HSTS. Here is a similar post.
0 -
If so, what can I do to block the website? There was no answer on the post on what to do.
0 -
Hi to all,
I'm in the same sitaution of Scott_Gorman.
USG FLEX 500, Regular License,
Test Web Site Category working Well.
Top Deny 443 Deny Rule deployed.
All fine with Firefox, Edge.
With Chrome no filtering at all, all passes from Social Meda to Pornograpghy, Chrome is blocked only if we use directly the IP (of the blocked categorized site) instead of the dns name.
Please, any advice about this issue?
0 -
You need to install the latest datecode firmware from here.
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 146 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight