-
How can I enable Safe Search on USG FLEX H?
Question: How can I enable Safe Search on USG FLEX H? Answer: Safe Search is currently not supported on USG FLEX H series. However, it is under evaluation and planned for a future release.
-
How to clean the Content Filter's cache by the CLI ?
Scenario : The user may encounter a situation where the Content Filter is not working (for example, a website that should be blocked is accessible) due to a caching issue. This article will guide you on how to resolve it. Answer : STEP1. Please log in to the firewall via console or SSH and enter the command below to clear…
-
Why are some URLs blocked even after adding them to the whitelist?
Scenario: I have setup some of DNS Content Filter categories as block rule first, and then I add multiple URL into "Allow List", but the website still blocked by DNS Content Filter rule. Answer: This issue might be occurring because the DNS content filter works by using DNS cache. When you add URLs to the "Allow List",…
-
Why can't I block websites using the Web Content Filter on ATP and USG FLEX?
Question: Why can't I block websites using the Web Content Filter on ATP and USG FLEX? Answer: It is not a bug. The issue is related to the browser update with TLS 1.3 Kyber support introduced in May 2024. If you are experiencing issues with blocking websites using the Web Content Filter, please ensure that firmware on…
-
USG FLEX H Series - New Algorithm Kyber768 Supported
The latest uOS update introduces support for the Kyber768 algorithm, which is gaining traction due to its adoption by major browsers like Google Chrome and Microsoft Edge. However, this new algorithm has also introduced an unexpected issue related to content filtering. Background With the adoption of Kyber768, browsers…
-
Opening the web site is very slow and logs appear "Service Unavailable" regarding to content filter
Question: It's very slow when opening website, and logs show Answer: This is because your network environment blocks our content filter’s external query IP. We recommend that you turn off the content filter/DNS threat filter as a workaround. And check whether there is any blocked on the device above.
-
How to block the Application which is not listed in App partol
Question: How to block the Application which is not listed in App partol? Answer: Those apps might have been developed locally and are not available worldwide, so App Patrol does not include them. You can try blocking them using custom URLs or FQDN objects in the content filter. Note: You can ask the developer for the IP…
-
Why request applying the content filter profile to ZyWall when applying to LAN_outgoing?
Scenario: When I apply a content filter profile to LAN_outgoing rule, a message pops out and requests applying it to Zywall as well. What does it mean? Answer: It's more like a reminder note instead of a warning error. For DNS content filter profile, you need to apply it to two security policies to make it work, that is,…
-
Why I get blocked by Zyxel Certificate when accessing website?
Scenario: When accessing websites, I encnounter difficulties for connecting to websites, and it shows the certificate is untrusted. Answer: dnsft.cloud.zyxel.com is our blocked page for the DNS content filter, and the certificate is a content filter certificate that will replace the original cert when accessing a website…
-
How to Enable Safe Search on USG FLEX H Series?
Question: How to Enable Safe Search on USG FLEX H Series? Answer: Currently, Safe Search is not supported on the Zyxel USG FLEX H series firewall. The feature is not available in the current release, but it is planned for a future update.
-
[SCR]Why are some hosts unable to be controlled by the SCR50AXE content filter service?
Question: We are testing the content filter service on SCR50AXE. Why are some hosts unable to be controlled by the SCR50AXE content filter service? Answer: Please check if DNS over HTTPS (DoH) is enabled on the Windows host. The SCR50 content filter would not work if hosts have DoH enabled. To check if DNS over HTTPS (DoH)…
-
How do I know which category a URL is classified by CLI ?
Enter the Test Command: Use the command "content-filter url-server test". Router(config)# content-filter url-server test This command puts you in the mode to test URLs with the external Web Content Filter. Test the URL: Input the URL you wish to classify. The system will then check the URL against the external Web Content…
-
How to clear the browser's DNS cache to prevent it from influencing the DNS content filter?
Question: How to clear the browser's DNS cache to prevent it from influencing the DNS content filter? Answer: To avoid the browser's cache, you can clear it using the following method. Google Chrome: Open a new tab. Type chrome://net-internals/#dns in the address bar and press Enter. Click the "Clear host cache" button to…
-
How to check Content Filter service when it is not working as expected
The device has valid content filter license and content filter service
is enabled.. However, you find some sites still bypass the inspection and are
not being blocked when they should be. The article explains how to troubleshoot
when Content Filter is not working as expected. Web Content Filtering
Process 1. A user enters…
-
There is no report on the report server if Category Service is not enabled in the profile
Custom Service” just set local check and it doesn't trigger report sending. Without "Enable Content Filter Category Service", there will be no reports on the report server.You must enable “Enable Content Filter Category Service” to force CF engine running query to get content filter result.
-
How to block HTTPS websites using Content Filtering and SSL Inspection?
SCENARIO DESCRIPTION: How to block HTTPS websites using Content Filtering and SSL Inspection? This is an example of using a ZyWALL/USG Content Filtering, SSL Inspection and Security Policy to block access to malicious or not business-related websites. Note: All network IP addresses and subnet masks are used as examples in…
-
How can I block https://www.facebook.com?
QUESTION If I block Facebook via the Content Filter, it works for http but not for https. We still can access Facebook via https. What can I do to block https://www.facebook.com? ANSWER Content Filter is used to block URLs. If we set up Facebook in the black list, it can only reject the traffic of http. We have to use…