Content filter not working properly

nielsscheldeman
nielsscheldeman Posts: 51  Ally Member

A couple of months ago I set up an ATP200 with Content filter enabled at a client. Now he says that the users are able to surf to playboy.com. I did some tests:

If I enter the website in URL to test it says that it is categorised under pornography, so ok.

Filter is applied to LAN1_Outgoing

If I turn on logging on LAN1_Outgoing and I surf to playboy.com, it says in the logs that it's passing this rule. But the website is indeed accessible from a computer, but if I use http://pl… I get the proper warning of Access Restricted. So it seems that HTTPS does pass? Enable HTTPS Domain Filter for HTTPS Traffic is turned on.

All Replies

  • nielsscheldeman
    nielsscheldeman Posts: 51  Ally Member

    The content filter is still not working fine…

    Added a rule with priority 1 for QUIC Ports

    Some sites are blocked, mostly not. For example, customer wants me to block wps.com

    So in that filter which is applied to LAN1 outgoing, I added in Forbidden websites *.wps.com or wps.com. But still accessible?

  • electsystech
    electsystech Posts: 47  Freshman Member

    Set up a DNS filter policy as well, like this. The Zywall DNS policy needs to be separate from the Filtered DNS policy.

  • nielsscheldeman
    nielsscheldeman Posts: 51  Ally Member

    Hello,

    Yes, I've set DNS Filter also and it works much better now. Would it work even better if I use the DNS server from ZyWALL then, since I see you also set a policy for DNS to ZyWALL?

  • PeterUK
    PeterUK Posts: 3,460  Guru Member
    edited May 16

    The DNS Filter works from LAN to WAN as well as LAN to Zywall. You can choose to block DNS LAN to WAN if you want.

  • nielsscheldeman
    nielsscheldeman Posts: 51  Ally Member
    edited May 16

    Now I'm trying to work with a whitelist for 2 computers within the same LAN. I gave them fixed IPs and added a rule with higher priority than LAN1_Outgoing with only category filter. But the devices are still able to surf to any website? These are my settings below

  • PeterUK
    PeterUK Posts: 3,460  Guru Member
    edited May 16

    Would you need to set DNS Filter too on that rule?

    You can do top rule block DNS LAN to WAN

    Then a rule below LAN to WAN DNS Filter and Web Filter

    and LAN to Zywall DNS Filter

  • nielsscheldeman
    nielsscheldeman Posts: 51  Ally Member

    Really struggling with it. Previous things didn't work, also because I wanted to use different DNS servers than the ZyWALL, I guess.

    For the whitelist I have 2 computers that may only access 2 websites

    1 computer in a separate VLAN, which I gave the DNS address of the ZyWALL → works fine now with only DNS Filter on it.

    Another computer which is domain joined and gets its DNS address from the Domain Controller. So here I think I can't use DNS Filter. But Web filtering is not working fine. How to solve this?

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 888  Zyxel Employee

    Hi @nielsscheldeman ,

    If you still have the problem within the latest weekly, we can have a remote session to clear your problem.

    I sent you the available time by PM.

    Thank you
