Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 28 subscribers
  • Views 5019 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

policy not working

smunro622

i have a few filters set to block a few items for my home network as i have a 15, 11 and 8 y/o,i have the policy applied in the firewall and set to block and i still am able to get to the site.

Another time i cant get to the site as it has a cert is invalid error, not the sophos block.. what else can i do block adult content.

 



This thread was automatically locked due to age.
  • 0

    Hi,

    Please post a detailed copy of your firewall rules.

    Ian

  • 0 in reply to rfcat_vk

    rfcaat,

     

    i figured it out, looks like DNS was over ruling a web policy? also i am noticing differences on how IE, Chrome, and Edge handle a blocked site...Edge is throwing up all over the place and chrome and firefox seems to be fine.

     

    I was trying to use open DNS for a second layer of filtering and in the WAN config DNS i had 208.67.222,222 and 220.220 and it was over riding the wed policy.

    Is this a bug or a known feature set ?

  • 0 in reply to smunro622

    Hi,

    sounds like your DNS is not setup correctly on the XG.

    Point the DHCP server at the internal network address

    Use the XG servers as below, but you can change the DNS to your choice. I have found those DNS you are using to be quite slow in responding.

    Ian

  • 0 in reply to smunro622

    smunro622 said:

     

    I was trying to use open DNS for a second layer of filtering and in the WAN config DNS i had 208.67.222,222 and 220.220 and it was over riding the wed policy.

    Is this a bug or a known feature set ?

    I don't see how your DNS settings should affect web policies. I was running a similar setup in the past with OpenDNS being assigned as the DNS server directly to the clients. Recently I switched to using Sophos XG as the DNS server. Either way, it shouldn't affect your web policies. If you can, posting your firewall rules would help troubleshoot the issue. My only guess is the firewall policies you had set weren't being applied to the device you were using to test.