security policy does not block traffic

DGALDINO · December 3

I created the blocking rules based on the content filter categories, but they are not being blocked. For example, online radios (to reduce bandwidth usage) are not being blocked, some categories do accept the block, but most just pass through the policy.

PeterUK · December 3

You likely have to move the rule to the top as any rule above could be allowing the traffic before it gets to the content filter rule.

Zyxel_Tina · December 4

Hi @DGALDINO,

As you mentioned, “some categories do accept the block, but most just pass through the policy”, could you please clarify on the traffic flow you are testing and specify the source and destination in detail so we can better understand the situation? Also, to investigate further, please provide the unmasked details from your security policy screenshot so we can analyze your configuration more accurately. You may share this information with us via private message.

Additionally, you may enable logging on the policies. This will allow you to check the logs and trace exactly which security policy rule the traffic/event is hitting, also helping pinpoint the necessary adjustments.

DGALDINO · December 4

https://community.zyxel.com/en/discussion/comment/81904#Comment_81904

em tese, as regras abaixo nao dereveriam bloquear (funcionar corretamente)?

DGALDINO · December 4

certo, movendo para cima nao vai inutilizar a outras regras? qual sequencia deve ser feita?

DGALDINO · December 4

Zyxel_Tina · December 5

Hi @DGALDINO,

Thank you for the information!

Since some categories are blocked while others (e.g., Internet Radio/TV) pass through, please verify the classification of unblocked URLs using the tool (screenshot attached below). This confirms how the system categorizes them. If the tested URL does not appear in any category, please let us know. We can further assist by reviewing it on our side.

(Nebula)

Additionally, please note the best practice for firewall rule order:

For optimal filtering behavior, the most specific and restrictive rules should be placed at the top of your firewall policy list, while more general or permissive rules should be placed lower in the sequence.

Therefore, we also recommend moving the security policies that apply your Content Filter profile to the top of your policy list.

DGALDINO · December 5

recortei o conteúdo do site, mas segue que mesmo seguindo orientação de colocar a regra acima de todas outras, algumas politicas ainda não funcionam corretamente.