USG Flex 500 Content Filtering does not work

Options

Hi,

We have been trying to configure Web Content Filtering to block social networking sites for default BPP profile but it does not seem to block. Even porn sites are being allowed access even though these have been default blocked in categories. Any suggestions on how to activate the blocking? Thanks.

Accepted Solution

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,338  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Answer ✓
    Options

    Hi @Scott_Gorman @GiangiSkan,

    You can use DNS Content Filter to block social networking.

    In Security Service > Content Filter > DNS Content Filter, click the profile BPP and select "Social Networking".

    Apply the DNS Content Filter profile "BPP" to both security policy rules.

    • From LAN1 to any
    • From LAN1 to ZyWALL

    The website of facebook can be blocked by DNS Content Filter.

«1

All Replies

  • PeterUK
    PeterUK Posts: 3,003 ✭✭✭✭✭
    Community MVP First Anniversary 10 Comments Friend Collector
    Options

    Have you apply it to a policy control rule?

  • Scott_Gorman
    Options

    Hi PeterUK,

    Yes, we applied it to a specific policy control rule but did not block still.

  • PeterUK
    PeterUK Posts: 3,003 ✭✭✭✭✭
    Community MVP First Anniversary 10 Comments Friend Collector
    edited March 4
    Options

    and the PC is not using a VPN or proxy?

    another reason is the FLEX can't connect out to the Category server and so BPP is set to pass

    does the Test Web Site Category work in BPP check?

  • Scott_Gorman
    Options

    The PC is not using VPN or proxy.

    The Test Web Site Category seems to work well. It is able to determine the category of the web site correctly.

    We noticed that some sites are being blocked on other categories like Job search but not Social Networking. Then we also noticed that it works on Edge but not on Chrome.

  • PeterUK
    PeterUK Posts: 3,003 ✭✭✭✭✭
    Community MVP First Anniversary 10 Comments Friend Collector
    edited March 4
    Options

    Check the whats my IP on both Edge and Chrome

    testing here I can use Chrome and block facebook.com

    you may need to block highest rule UDP 443

  • Scott_Gorman
    Scott_Gorman Posts: 5
    Friend Collector First Comment
    edited March 4
    Options

    I get the same results of WhatsmyIP on both Edge and Chrome.

    I already tried blocking UDP 443 and set as the highest rule.

    And still the same results.

  • jasailafan
    jasailafan Posts: 193  Master Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited March 5
    Options
  • Scott_Gorman
    Options

    If so, what can I do to block the website? There was no answer on the post on what to do.

  • GiangiSkan
    GiangiSkan Posts: 4
    First Anniversary Friend Collector First Comment
    Options

    Hi to all,

    I'm in the same sitaution of Scott_Gorman.

    USG FLEX 500, Regular License,

    Test Web Site Category working Well.

    Top Deny 443 Deny Rule deployed.

    All fine with Firefox, Edge.

    With Chrome no filtering at all, all passes from Social Meda to Pornograpghy, Chrome is blocked only if we use directly the IP (of the blocked categorized site) instead of the dns name.

    Please, any advice about this issue?

  • electsystech
    electsystech Posts: 36  Freshman Member
    First Anniversary 10 Comments Friend Collector
    Options

    You need to install the latest datecode firmware from here.

Security Highlight