
super simple firewall rule not working?

This is really bizarre...   I have the following FW rules enabled, but ALL traffic still flows perfectly fine..

In fact I am typing and sending this post from a computer on the "internal" network..  

 



This thread was automatically locked due to age.
  • Thanks.

     

    But I guess the statement still holds true that I can't do web filtering to restrict content like nudity AND use firewall rules to restrict kids to time window of using devices..

     

    You have to pick one or the other.. They can browse 7am-7pm, but allowed to watch porn.. OR you can block porn, but then their devices are active 24/7 . 

     

    ANY recommendations on how the heck to do both?

  • Hi Koos

    As you say, traffic will either match a firewall rule or Web Filter Policy. If you need to inspect web content then this will need to be sent through the Web Filter Policy. Both Firewall Rules and the Web Filter Policy can be set to only be active for certain time periods, so you should be able to achieve the desired outcome.

    To do this for the Web Filter Policy, locate the Profile you are using and go to the Web Filter Policy list within this. Edit or Add the Policy you want to use; there should then be a dropdown menu for the Time Event (similar to the firewall rules). When the policy is disabled (out of the Time Event period) the request will hit the Base Policy within that profile, so make sure that is set to block all categories.

    Let me know if this helps

    Greg
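
The fall-through to the Base Policy described in the reply above, as a simplified Python model (an added example, not part of the original thread and not Sophos code). All names are hypothetical, and the model assumes a policy is selected by its Time Event only, ignoring user and group matching.

```python
from dataclasses import dataclass
from datetime import time
from typing import Optional

@dataclass
class Policy:
    name: str
    blocked: frozenset               # blocked categories; "*" means block all
    window: Optional[tuple] = None   # (start, end) Time Event; None = always on

    def active(self, now: time) -> bool:
        if self.window is None:
            return True
        start, end = self.window
        if start <= end:
            return start <= now < end
        return now >= start or now < end   # window that wraps past midnight

    def verdict(self, category: str) -> str:
        hit = "*" in self.blocked or category in self.blocked
        return "block" if hit else "allow"

@dataclass
class Profile:
    policies: list
    base: Policy

def decide(profile: Profile, now: time, category: str):
    """First policy whose Time Event is active decides, else the Base Policy."""
    for p in profile.policies:
        if p.active(now):
            return p.name, p.verdict(category)
    return profile.base.name, profile.base.verdict(category)

def audit(profile: Profile):
    """List timed policies whose out-of-window traffic reaches a base
    policy that does not block all categories."""
    timed = [p.name for p in profile.policies if p.window is not None]
    return timed if "*" not in profile.base.blocked else []

# Constructed sample: browsing allowed 07:00-19:00 with nudity blocked.
KIDS = Policy("kids-daytime", frozenset({"nudity"}), (time(7), time(19)))
WEAK = Profile([KIDS], Policy("base-allow", frozenset()))
FIXED = Profile([KIDS], Policy("base-block-all", frozenset({"*"})))

if __name__ == "__main__":
    for prof in (WEAK, FIXED):
        print(prof.base.name, decide(prof, time(22), "news"), audit(prof))
```

With the permissive base policy the 22:00 request is allowed, which is the "active 24/7" symptom from the question; `audit` flags that profile and passes the corrected one.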

  • Main thing here is what I suspected and Zaphod answered. Have a good read of the RULZ and try and memorise parts of them. In this case rulz #2 would have helped you. I've recently been caught out by the application filter with regards to this even though I've had the UTMs for a while.

    When strange things happen, work your way through the rulz and you will get your answer most of the time.

    In the case of automatic firewall rules, they will always come before manual firewall rules so worth bearing in mind.

    However, in this case, we could see that there weren't any because the rules posted were # 1 & 2.

  • Greg, thanks a lot for the info and detailed response.

     

    EDITED:  I figured it out!  Thanks a lot, Greg.  

     

    I was able to create a new profile and added just my kid's devices in there as the source network and then added a policy to restrict timed access and block nudity etc.

    This worked perfectly for browsers etc.  and then I also added a firewall for the same devices and time limits..

     

    Works like a charm.

     

    THANK YOU!

  • Glad it worked for you. There is also the static mappings side of things where you can ensure that a certain device always gets a certain IP address (or reservation) via DHCP.

    You would then add this IP address into your filters/rules.

  • Please mark gregh's answer as the answer you need so this thread is marked finished and others can search and see there is a tested answer in it :-)

  • Thanks. Yeah, I have all my devices mapped to static DHCP reservations.  That's how they show up in the source networks so I can add them to firewall rules and web filtering profiles.