Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 2 replies
  • Answers 1 answer
  • Subscribers 27 subscribers
  • Views 7642 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web Filtering Rule Position Question

BobbyDigital

I have a web filtering rule to restrict explicit content access to one IP address. It is at the top of the rule base. However it does not work. I'm suspecting because I have another rule that allows this access and it is network based. 

In my dealings in the past. Most firewalls use a top down hierarchy when it comes to applying the firewall rules. I know the web filter works because if I apply it to the network rule at the lower bottom the explicit content is blocked. 

Secondly, since I am in transparent mode and I dont have users authenticating for network access is it possible to bypass the login page when the web filter blocks traffic and send them directly to the splash page?

 



This thread was automatically locked due to age.
  • 0

    Well, for the first question, you could try 2 x host groups. One group has the single IP and the top fiiltered rule looks at that instead of the single IP. But the group does contain the single IP

    The other group in the rule down lower with no filtering contains all the other host IP's. Set the IP's as range so you dont have to manually type out every single one.

    It may require moving the IP of the single machine outside the range of the other hosts.

  • 0

    Bobby,

    can you share your Firewall rule?

    I suspect that the first rule the check box "Match know users" is checked. Even if users is any, users have to authenticate in order to hit that rule. XG as other firewall uses the top-down approach.

    For the Block page, go to Autnetication > Services and at the bottom of the page, change the captive portal settings to "Prompt unauthenticated users to login: no" and there is another option that says "blocked message" but I cannot remember the correct name.

    Regards