
Application filtering doesn't work

Please tell me what is wrong with my thinking.

I want to block game apps on weekdays for a number of hosts on the LAN. The instructions are straightforward. Create an application filter and use it in a firewall rule.

The only slightly confusing part in the instructions is that they show a check box for micro app discovery in the app filter - not present in v17-MR1.

This doesn't do anything to block games traffic - the firewall rule happily lets anything through.

If I turn on micro app discovery via the CLI, it causes all HTTPS traffic to fail with an invalid certificate error despite the fact all clients have the appliance certificate installed.

How do I set this up correctly?

  • Hello,

    I think you must enable Micro App Discovery.

    In order to enable it, on the device press no. 4 to enter console mode and type the following command:

    system application_classification microapp-discovery on

    To ensure you have enabled it, type the following command:

    system application_classification microapp-discovery show

  • Like I said, if I turn on micro app discovery via the CLI, it causes all HTTPS traffic to fail with an invalid certificate error.

    And why should I have to go into the CLI to change this in order to enable functionality which is in the web UI?

  • From memory, during the v17 beta micro app discovery was turned on by default and for some stupid reason the management of the setting was removed from the GUI.

    I think you are going about the game blocking the hard way; there are default rules to block games and gambling which I use. They seem to stop most games.

    You would put that in the top firewall rule which has your time setting, and then the other rules for general always-on access follow.

    You are also using decrypt and scan, which will require the CA to be published to your users.

    Ian

  • Thanks Ian,

    I tried the easy way without success:

    https://community.sophos.com/products/xg-firewall/f/firewall-and-policies/98269/struggling-with-game-blocking

    and so I tried the app filter.

    My certificate problems were caused by me not knowing that Firefox has its own certificate store :)

  • I'm also struggling with app filters. I have been using the new Synchronized Application Control to add apps that XG and Central have found on my machine, but the rules are still a bit hit and miss.

    I still can't work out if I should be using app filters on their own like you have, i.e. web filters set to None for the app filters to work correctly. If I do need to use web filters with app filters, the app filters seem to get ignored, as I still see apps connecting to web sites that are either not in my app filter allow list or are in an app filter block list. Sophos really needs to make it clearer on the best ways to use application control on its own and with web filters, and also get them to work how they are set in the app filters, i.e. if I set up allowed apps then I'd expect any apps not on my allowed app list to not get through the rule, and vice versa with blocked app lists I'd expect them to just block the apps listed.

    Do you have Sophos Central too? It's definitely worth trying to use Synchronized Application Control for your games, as that way it will list the games' exe path that is detected, allowing you to create an app filter rule with those detected apps. Maybe that method would work slightly better than the preset app lists; however, as I say, it's still hit and miss if it will work...

    Which games are you trying to block? Have you tried looking up the URLs used by the games from their support sites or Google? That way you could create a firewall rule to block traffic to those FQDNs rather than using app filters.... It's worth a shot; the downside is if there are a lot of URLs to enter. Wildcard FQDNs help a lot, however XG really needs a method to import host lists from TXT / CSV files for FQDN hosts.

    JK

  • Basically I'm looking for a way to stop all the common game sites such as Battle.net, Origin, Steam etc. while keeping a few, such as Discord, open. Don't have Sophos Central (home user).

  • Hi,

    I have just tried to download the Battle.net application and failed 4 times, twice with FF and twice with Safari. In all cases the certificate failed, but when an exception was set the site was blocked by XG.

    Ian

  • Can you screenshot your rules?

  • Hi,

    I am not sure what rules you want? The screenshot above is the firewall rule using the default settings. The only rule I have modified is the IPS, where I removed the server and Linux sub-set.

    Ian

  • 1) Please do not turn microapp-discovery on. This setting should be off for everyone except for special proof-of-concept demos.

    system application_classification microapp-discovery off

    2) The micro-app setting was removed from the application filter, with a redesign in 16.5 MR5 I think. There was no benefit to ever having it turned off, and it only caused confusion and misconfiguration. If there are KBs that need updated screenshots, let me know the KB #.

    3) You have Services = Any. That makes this a pretty open and all-encompassing rule and is generally a bad idea. If you create all your rules like this you will most likely not be hitting the rule that you intend. In fact, my guess as to why it is not working is that your traffic is hitting a higher-priority rule first.

    So let's say that you have a game that uses HTTP (port 80) to talk to the game server.
    If you have firewall rule 1 set LAN to WAN, Any service to all your... whatever.
    If you have firewall rule 2 set LAN to WAN, HTTP/HTTPS service with a Web Policy to control all your web browsing.
    If you have firewall rule 3 set LAN to WAN, Any service with your Application Control blocking games.
    So now use a game. It uses HTTP and hits rule 1 and is allowed.
    You temporarily turn off rule 1.
    So now use a game. It uses HTTP and hits rule 2 and is allowed.
    You temporarily turn off rule 2.
    So now use a game. It uses HTTP and hits rule 3 and is blocked by application control.
    Make sense?

    Once you've matched a source/destination/port (service)/time for a firewall rule, that firewall rule is used for the traffic. It does not then flow to the next matching rule.

    If you are still having problems, can you please post a screenshot of your firewall rules page.
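The first-match behaviour described in the last reply, as an added example that is not part of the thread or Sophos's own code: a small model of the three-rule scenario, plus a shadowing check that goes beyond the post by reporting any rule an earlier, broader rule makes unreachable. Rule names, service labels and the "games" category are constructed for illustration.

```python
# Added example (not Sophos code): first-match firewall rule evaluation modelled on the
# three-rule scenario in the reply above. Rule names and service labels are constructed.
from dataclasses import dataclass, field

ANY = "any"  # stands for Services = Any in the firewall rule

@dataclass
class Rule:
    name: str
    services: set                                          # {"any"} or e.g. {"HTTP", "HTTPS"}
    enabled: bool = True
    app_control_blocks: set = field(default_factory=set)   # app categories this rule denies

    def matches(self, service):
        return self.enabled and (ANY in self.services or service in self.services)

def make_rules(disabled=()):
    """Build the post's rule set, marking the named rules as temporarily turned off."""
    rules = [
        Rule("rule1", {ANY}),                                # LAN->WAN, any service
        Rule("rule2", {"HTTP", "HTTPS"}),                    # LAN->WAN, web policy
        Rule("rule3", {ANY}, app_control_blocks={"games"}),  # LAN->WAN, app control
    ]
    for rule in rules:
        rule.enabled = rule.name not in disabled
    return rules

def evaluate(rules, service, app_category):
    """Return (rule name, verdict) from the first enabled rule whose service matches.
    Evaluation stops there; later rules are never consulted for this flow."""
    for rule in rules:
        if rule.matches(service):
            blocked = app_category in rule.app_control_blocks
            return rule.name, "blocked" if blocked else "allowed"
    return None, "dropped"  # nothing matched: implicit default drop

def shadowed_rules(rules):
    """List (rule, earlier rule) pairs where an earlier enabled rule covers every
    service of a later one, so the later rule can never be hit."""
    pairs = []
    for i, rule in enumerate(rules):
        if not rule.enabled:
            continue
        for earlier in rules[:i]:
            if earlier.enabled and (ANY in earlier.services or rule.services <= earlier.services):
                pairs.append((rule.name, earlier.name))
                break
    return pairs

if __name__ == "__main__":
    for off in ((), {"rule1"}, {"rule1", "rule2"}):
        print(sorted(off), "->", evaluate(make_rules(off), "HTTP", "games"))
    print("shadowed:", shadowed_rules(make_rules()))
```

Note that simply moving the any-service app-control rule to the top has the same flaw in reverse: every flow then matches it, so non-game traffic never reaches the web-policy rule, which is why the reply recommends tightening Services rather than relying on order alone.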