Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 2 subscribers
  • Views 8813 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Blocking websites

preet
We don't have license for Web and Content filtering.So we need to block specific sites.How can this be done.
Created the packet filter rules but does not work.

Internal Network--Any--Any--Allow
Internal Network--Any--www.abc.com DROP


This thread was automatically locked due to age.
  • 0
    The rules are processed in order, so the second rule is not effective, but you probably need to block incoming traffic rather than outgoing anyway.
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Yes i did by placing the rule on the top
    youtube---Any---Any---DROP
    Still it does not work
    Working with iptables war more comfortable.
  • 0 in reply to preet
    You will need to block multiple URLs to block most sites, for example ytimg.com hosts much of the video content of youtube.

    Watch the PF live log while testing access to the sites, you may see the holes in you blocking rules.
  • 0
    We don't have license for Web and Content filtering.So we need to block specific sites.How can this be done. 


    You are going to find this a losing proposition .. as the blocking requests get more frequent and more detailed you will end up building a house of cards that will be unmanageable and will slow the firewall down. 

    Get a web/content filter of one form or another.  We have used SurfControl (now WebSense) for a while and are satisfied.  If money is a huge issue you can likely find a free (or really cheap) one by searching the web.
  • 0 in reply to tomjedrz
    The license cost for adding the web filtering subscription to the Astaro is competitive with standalone products, check with your reseller if you wish to evaluate the feature (we often issue such evaluation licenses for short periods of time, a sort of try it before you buy it proposition).

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • 0 in reply to BrucekConvergent
    If its so difficult to add a simple rule to block a website then only option we have is to get subscription or go for some other webfilter software.
    I added on top the filter rule
    abc.com---any----any     DROP
    any---any---abc.com      DROP

    does not work
  • 0 in reply to preet
    Try using OPENDNS instead - OpenDNS | Providing A Safer And Faster Internet

    Once set up you can block up to 50 differant categories of sites plus create your own blocklists of domains.

    Best part - it's free.
Cookie Information Banner