USG Flex 500 Content Filtering does not work

Scott_Gorman
Scott_Gorman Posts: 6  Freshman Member
First Comment Friend Collector

Hi,

We have been trying to configure Web Content Filtering to block social networking sites for default BPP profile but it does not seem to block. Even porn sites are being allowed access even though these have been default blocked in categories. Any suggestions on how to activate the blocking? Thanks.

Accepted Solution

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,396  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments
    Answer ✓

    Hi @Scott_Gorman @GiangiSkan,

    You can use DNS Content Filter to block social networking.

    In Security Service > Content Filter > DNS Content Filter, click the profile BPP and select "Social Networking".

    Apply the DNS Content Filter profile "BPP" to both security policy rules.

    • From LAN1 to any
    • From LAN1 to ZyWALL

    The website of facebook can be blocked by DNS Content Filter.

«1

All Replies

  • PeterUK
    PeterUK Posts: 3,459  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary

    Have you apply it to a policy control rule?

  • Scott_Gorman
    Scott_Gorman Posts: 6  Freshman Member
    First Comment Friend Collector

    Hi PeterUK,

    Yes, we applied it to a specific policy control rule but did not block still.

  • PeterUK
    PeterUK Posts: 3,459  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited March 4

    and the PC is not using a VPN or proxy?

    another reason is the FLEX can't connect out to the Category server and so BPP is set to pass

    does the Test Web Site Category work in BPP check?

  • Scott_Gorman
    Scott_Gorman Posts: 6  Freshman Member
    First Comment Friend Collector

    The PC is not using VPN or proxy.

    The Test Web Site Category seems to work well. It is able to determine the category of the web site correctly.

    We noticed that some sites are being blocked on other categories like Job search but not Social Networking. Then we also noticed that it works on Edge but not on Chrome.

  • PeterUK
    PeterUK Posts: 3,459  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited March 4

    Check the whats my IP on both Edge and Chrome

    testing here I can use Chrome and block facebook.com

    you may need to block highest rule UDP 443

  • Scott_Gorman
    Scott_Gorman Posts: 6  Freshman Member
    First Comment Friend Collector
    edited March 4

    I get the same results of WhatsmyIP on both Edge and Chrome.

    I already tried blocking UDP 443 and set as the highest rule.

    And still the same results.

  • jasailafan
    jasailafan Posts: 193  Master Member
    5 Answers First Comment Friend Collector Sixth Anniversary
    edited March 5
  • Scott_Gorman
    Scott_Gorman Posts: 6  Freshman Member
    First Comment Friend Collector

    If so, what can I do to block the website? There was no answer on the post on what to do.

  • GiangiSkan
    GiangiSkan Posts: 4
    First Comment Friend Collector First Anniversary

    Hi to all,

    I'm in the same sitaution of Scott_Gorman.

    USG FLEX 500, Regular License,

    Test Web Site Category working Well.

    Top Deny 443 Deny Rule deployed.

    All fine with Firefox, Edge.

    With Chrome no filtering at all, all passes from Social Meda to Pornograpghy, Chrome is blocked only if we use directly the IP (of the blocked categorized site) instead of the dns name.

    Please, any advice about this issue?

  • electsystech
    electsystech Posts: 47  Freshman Member
    First Answer First Comment Friend Collector Fifth Anniversary

    You need to install the latest datecode firmware from here.

Security Highlight