Turning Off Web Protection Altogether

We don't want web filtering at all with our UTM 9 so we turn it off and it doesn't give us the page that says it was blocked but the connection times out and when I look at the live view log it shows blocking the 2 sites we need access to.  How do I either add an exception to the countries it's blocking or just turn off blocking to let the site pass through?  I looked at exceptions, added the sites, still same result.  Log says it's blocking them still even though we don't get the notice on the browser that the site was blocked.



This thread was automatically locked due to age.
  • Hi Aron,

    If I understand correctly, you've disabled Web Protection on your UTM 9? If that is the case then you would not be getting a site blocked notice on your browser since the UTM is no longer the proxy for your web traffic. Any site blocks should be then decided by your Firewall rules. Which logs are you looking at?

    To disable, the Web Filtering toggle will be grey and the Global tab will show a red x beside it.

    Thanks,
    Karlos

    Karlos
    Community Support Engineer | Sophos Technical Support

  • If you turn off web filtering, you will need to revert to firewall rules, DNS, NAT etc.

    Have you got these configured?

  • I haven't.  If possible we would just like to add a couple sites that are out of the US on the exception list but it still won't unblock the page.

  • You have 2 choices. Use web filtering and apply a whitelist.

    Or revert to standard firewall rules and only allow web access to those servers.

    For this you will need to set up DNS, NAT & your firewall rules.

  • Hi Aron and welcome to the UTM Community!

    If this is not a home-use situation, your organization should get you some help with the initial design and configuration.  I bill more hours to fix what a CCIE with no UTM experience has done than I would have had I done the initial design.

    If it's a home-use scenario, this is the best place to get help - just keep asking questions.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • It is hard to know exactly what happened without knowing which live log you are viewing, and not knowing everything in the log entry.   Here are some of the possibilities:

    • You have country blocking enabled, and need to create a country blocking exception.
    • You have Intrusion Protection enabled, and the sites are sending back content that is triggering an alarm which blocks traffic.
    • You have web protection enabled, even though you said that you want it off, and web protection is blocking the traffic.

    However, web protection blocks the request, so it returns results quickly.   A long delay (about 2 minutes) followed by a generic browser message would indicate that the response was blocked, so the problem is probably in IPS or Country Blocking.   You can check for IPS events in the IPS log.

    However, Web Protection is the best part of UTM, and an essential part of any cyberdefense strategy.   I don't think you really want all users to have access to all web content.    Software Piracy?   School Cheating?   Pornography?   Criminal Activity?  Even if you do want access to all categories, you still should block access to bad-reputation sites.   I block Web Ads because I know that their content is not from the requested site, so the reputation is unknown.   Researchers have demonstrated that they are potentially usable for malicious purposes.

    An analogy:  If you don't want to get stabbed, you can either avoid bad neighborhoods or wear an armored vest.   90% of cyber-safety is staying out of bad neighborhoods.   The weapons used by bad guys are always changing, so you really don't want to find out if your armored vest will protect against the weapon they are using today.

    I second Bob Alfson's recommendation to get an expert involved.  There is a lot of complexity to UTM.
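The reply above separates a quick answer (the request itself was blocked) from a long stall (the response never arrived). As an added example that is not part of the original thread, this probe times one plain-HTTP request and reports which pattern it sees. The local stand-in servers, the verdict names and the short timeout are constructed for the demonstration, and HTTPS sites would need a TLS wrapper that is not shown.

```python
import socket
import threading
import time

def probe(host, port=80, path="/", timeout=5.0):
    """Send one plain-HTTP GET; return (verdict, seconds, detail)."""
    start = time.monotonic()
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:  # refused, unreachable, or connect timed out
        return ("no-connection", time.monotonic() - start, str(exc))
    with sock:
        sock.settimeout(timeout)
        try:
            sock.sendall(f"GET {path} HTTP/1.1\r\nHost: {host}\r\n"
                         "Connection: close\r\n\r\n".encode())
            data = sock.recv(4096)
        except socket.timeout:
            # Request left, nothing came back: the timeout pattern from the thread.
            return ("sent-but-no-response", time.monotonic() - start, "")
        except OSError as exc:  # e.g. connection reset mid-exchange
            return ("connection-error", time.monotonic() - start, str(exc))
    elapsed = time.monotonic() - start
    if not data:
        return ("closed-without-response", elapsed, "")
    # A quick status line means something answered, e.g. a proxy block page.
    return ("http-answer", elapsed, data.split(b"\r\n", 1)[0].decode("ascii", "replace"))

def _local_server(reply):
    """Constructed stand-in: answers with `reply`, or stays silent if None."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def run():
        conn, _ = srv.accept()
        conn.recv(4096)
        if reply is not None:
            conn.sendall(reply)
        else:
            time.sleep(2)  # hold the connection open without answering
        conn.close()
    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]

def demo():
    answering = _local_server(b"HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\n\r\n")
    silent = _local_server(None)
    return (probe("127.0.0.1", answering, timeout=0.5),
            probe("127.0.0.1", silent, timeout=0.5))
```

Run from a client behind the gateway, an `http-answer` verdict with a short elapsed time points at the proxy, while `sent-but-no-response` is the case to chase in the IPS and firewall logs.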

  • I turned web protection back on.  I am trying to make an exception to the sites but it's not blocking them with a splash screen it's just timing out.  How do I add an exclusion for countries?

     

  • That is a bug or "undocumented feature".   Web Filtering ignores Country Blocking Exceptions. 

    Instead, create a web filtering exception to "Skip URL Filtering" for the desired websites.   It produces the intended results, except that it probably eliminates any ability to block the site for specific users.   This is because I believe that URL Filtering is where the site is checked for category and reputation, so if you don't check, then you don't know.  

  • Look in the Web Filtering log, Aron, to see what's happening and then post a relevant line here.

    Cheers - Bob

     