So I am trying to set up some filtering. This is working as expected I was able to successfully set up a filter for several devices getting to youtube (using a static list of urls in the URL Group). I then have this firewall rule set as the first in the list to allow. Then I tested the policy and it shows that it is blocked This is not working as expected I set up a second filter and enabled a new firewall rule (same as above) the difference here is that instead of a static list of URLs, I specified several of these block lists github.com/.../sophos-xg-block-lists as a new category. Then I tested the policy using an item from the list and it shows that it is allowed. Thoughts?

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Issue with External URL database web filter

Super CM over 6 years ago

So I am trying to set up some filtering.

This is working as expected

I was able to successfully set up a filter for several devices getting to youtube (using a static list of urls in the URL Group). I then have this firewall rule set as the first in the list to allow. Then I tested the policy and it shows that it is blocked

This is not working as expected

I set up a second filter and enabled a new firewall rule (same as above) the difference here is that instead of a static list of URLs, I specified several of these block lists github.com/.../sophos-xg-block-lists as a new category. Then I tested the policy using an item from the list and it shows that it is allowed.

Thoughts?

This thread was automatically locked due to age.

0 rfcat_vk over 6 years ago

Does the site that you connected through to live in the list?

When connecting to the site what does the log viewer show in the web page?

Ian
Cancel
Vote Up 0 Vote Down

Cancel
0 Super CM over 6 years ago in reply to rfcat_vk

I opened one of the sources and picked a site in the list. I chose one specifically from the list. I tried just pasting that into the policy test tool and it told me it wasn't blocked. I tried in a browser but it doesn't come up. The site does come up if I prepend with a www but that doesn't show up in the list. I tried a bunch of sites from the list but none of them seem to ping.
Cancel
Vote Up 0 Vote Down

Cancel
0 rfcat_vk over 6 years ago in reply to Super CM

Hi,

I did not do an extensive search or test. The one I did check appears to be based on a lot of microsoft support sites ;iler doctor watson reporting. The facebook is covered by the facebook FQDN list in XG, but you will need to experiment and maybe create/add your own list. Facebook adds new FQDNs regularly that do not fit the fb, fbcdn or facebook. They also use .net as well as country based suffix.

I don't block facebook at home as I wish to survive. I have limited access to it by creating my own web and application lists.

In XG the application and web successfully block most of the desired things, but occasionally need a fine tune. Currently Sophos are working on a fine tune of the VPN block. there are a couple that some people have not been able to block successfully.

Ian
Cancel
Vote Up 0 Vote Down

Cancel