Firewall rule Facebook / Web URL / App-Filter

Hello,

For example, I would like to create a firewall rule that is used for various clients when using Facebook.

I created various IP hosts, web URLs and also an application filter for Facebook. But it looks like the rule, visible on the basis of the traffic, is not attracted to the rule. Is that basically possible, or what would be the procedure?

Greetings



Edited TAGs
[edited by: emmosophos at 12:09 AM (GMT -7) on 16 Jul 2021]
  • Hi,

    You need to be using policies which are applied to firewall rules. Are you trying to stop Facebook access? Also, there are default exceptions in the web exceptions for Facebook.

    The enforcement of policies is via firewall rule using web, application and IPS settings in the proxy or DPI.

    Ian

     
    V18.5.x - e3-1225v5 6gb ram with 4 ports - 20w. 
    3 AP55s and 2 APX120s having a holiday until software update is released.
    If a post solves your question use the 'This helped me' link.
  • Hi,

    If I have understood that correctly, I should use the web filter in the firewall rule and also the application in the firewall rule.

    Is that right?

  • Correct. Application and web policies only work with either DPI or HTTP proxy enabled. If you are trying to block Facebook you need to review the web exceptions settings.

    ian

     
  • OK,

    Would it be possible to show an example using screenshots?
    I've tried and unfortunately the rule doesn't work.

    greeting

  • First of all, what are you trying to achieve, in specific detail?
    I will post some screenshots later tonight my time.

    ian

     
  • ok, unfortunately I have to go now, I'll get in touch with you again late this evening.

    Thank you first, have a nice day

  • Hi,

    rather than me posting a lot of screenshots, please review the forum thread below.

    The thread points to some KBAs that might be of help. There are other KBAs and previous threads on similar subjects.

    how to block

    If you still have issues after reading and building some of the policies please ask for further assistance.

    ian

     
  • Hello,

    OK, so actually it is not really difficult, at least when and how to set up a web policy.

    The problem is that I don't have stable states. I have a feeling that sometimes different rules work and sometimes they don't. I can't tell what it is.

    The ANY / ANY rule at the top always works when I activate it :-).

    This is my absolutely big problem.
    I don't understand when a decision is made, when a rule is processed or not.
    If, of course, I usually make a mistake, e.g. store HTTPS as a service, although I would like my WebServing rule to be the last. I have already checked several times that my rule, based on my theory, is not processed further above the rule. I also always check the traffic and always reset it to zero.

    Yes, I also looked at other KBAs.

    I have a few basic questions.

    0. What is the basic order of the securities in a rule?
    Is the web filter processed first and then the network rule?

    1. When does a web rule work? Only if it is stored in a firewall rule?

    2. When does an application filter take effect? Only if this filter is stored in a firewall rule?

    3. How does a firewall rule determine whether it should be evaluated?
    For me, it's about understanding how to properly apply the TopDown principle.

    e.g. I have saved a WebFilter and an application rule,
    The zones, etc. are set to ANY / ANY.

    What happens to this rule?

    This rule is processed if either the WebFilter and / or the application filter match.

    4. How is a rule processed if it is defined as in question 3 and in which I have e.g. ANY in the source zone and have source devices stored as IP hosts?

  • Hi,

    I will answer one point at this stage. Rules are processed by the number down the left-hand side. When a criterion is met, that rule is used. If there is no match, the default drop applies.

    Ian

     
  • What does number mean?

    I create a rule and a new number is assigned. But if I move the rule up, the number is the same but the order is different.

    It is now not processed in the exact order based on the number.

    With regard to the other questions, you could understand what I mean or what my questions are aimed at.
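
The rule-order discussion in this thread, as an added example (not part of any post and not Sophos code): a simplified first-match model in which a rule is selected top-down by list position on source zone, source host and service only, and the web policy attached to the selected rule is enforced afterwards. The rule names, addresses, category label and the model itself are assumptions made for illustration; it also reports rules that an earlier, broader rule makes unreachable.

```python
from dataclasses import dataclass

ANY = "ANY"
FIELDS = ("zones", "hosts", "services")  # network criteria used to select a rule

@dataclass(frozen=True)
class Rule:
    name: str
    zones: object      # ANY or frozenset of source zones
    hosts: object      # ANY or frozenset of source IP hosts
    services: object   # ANY or frozenset of service names
    blocked_categories: frozenset = frozenset()  # attached web policy (simplified)

def first_match(rules, conn):
    """Return the first rule, in list order, whose network criteria all match."""
    for rule in rules:
        if all(getattr(rule, f) == ANY or conn[f] in getattr(rule, f) for f in FIELDS):
            return rule
    return None

def verdict(rules, conn):
    """Select a rule first; only then apply that rule's web policy."""
    rule = first_match(rules, conn)
    if rule is None:
        return "default drop"
    if conn["category"] in rule.blocked_categories:
        return f"blocked by web policy on '{rule.name}'"
    return f"allowed by '{rule.name}'"

def shadowed(rules):
    """Names of rules that can never be selected: an earlier rule covers every field."""
    def covers(a, b):
        return a == ANY or (b != ANY and b <= a)
    return [later.name for i, later in enumerate(rules)
            if any(all(covers(getattr(e, f), getattr(later, f)) for f in FIELDS)
                   for e in rules[:i])]

# Constructed sample data (documentation addresses, hypothetical rule names).
CLIENTS = frozenset({"192.0.2.10", "192.0.2.11"})
ALLOW_ALL = Rule("any-any", ANY, ANY, ANY)
FB_RULE = Rule("facebook-clients", frozenset({"LAN"}), CLIENTS,
               frozenset({"HTTPS"}), frozenset({"Social Networking"}))
# One connection; each field holds the single value seen on the wire.
CONN = {"zones": "LAN", "hosts": "192.0.2.10", "services": "HTTPS",
        "category": "Social Networking"}

if __name__ == "__main__":
    for order in ([ALLOW_ALL, FB_RULE], [FB_RULE, ALLOW_ALL]):
        print([r.name for r in order], "->", verdict(order, CONN),
              "| shadowed:", shadowed(order))
```

With the ANY / ANY rule on top, the Facebook rule is reported as shadowed and its web policy is never reached; with the order reversed, the same connection is blocked.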