Firewall rule Facebook / Web URL / App-Filter

Hi,

you need to be using policies which are applied to firewall rules. Are you trying to stop facebook access, also there are default exceptions in there web exceptions for facebook.

the enforcement of policies is via firewall rule using web, application and IPS settings in the Proxy or DPI.

Ian

Hi,

if I have understood that correctly, I should use the web filter in the firewall rule and also the application in the firewall rule.

Is that right ???.

Correct. Application and web policies only work with either dpi or http proxy enabled. If you are trying to block Facebook you need to review the web exceptions settings.

ian

OK,

it would be possible to show an example using screenshots.
I've tried and unfortunately the rule doesn't work.

greeting

First of all what are you trying to achieve in specific details.
I will post some screenshots later tonight my time.

ian

First of all what are you trying to achieve in specific details.
I will post some screenshots later tonight my time.

ian

ok, unfortunately I have to go now, I'll get in touch with you again late this evening.

Thank you first, have a nice day

Hi,

rather than me posting a lot of screenshots, please review the forum thread below.

The thread points to some KBAs that might be of help. There are other KBAs and previous threads on similar subjects.

how to block

If you still have issues after reading and building some of the policies please ask for further assistance.

ian

Hello,

ok, so from actually it is not really difficult, at least when and how to set up a web policy.

The problem is that I don't have stable states. I have a feeling that sometimes different rules work and sometimes they don't. I can't tell what it is.

The ANY / ANY rule at the top always works when I activate it :-).

This is my absolutely big problem.
I don't understand when a decision is made, when a rule is processed or not.
If, of course, I usually make a mistake, e.g. store HTTPS as a service, although I would like my WebServing rule to be the last. I have already checked several times that my rule, based on my theory, is not processed further above the rule. I also always check the traffic and always reset it to zero.

Yes, I also looked at other KBAs.

I have a few basic questions?

0. What is the basic order of the securities in a rule.
Is the web filter processed first and then the network rule?

1. When does a web rule work? Only if it is stored in a firewall rule?

2. When does an application filter take effect? Only if this filter is stored in a firewall rule?

3. How does a firewall rule determine whether it should be evaluated?
For me, it's about understanding how to properly apply the TopDown principle.

e.g. I have saved a WebFilter and an application rule,
The zones, etc. are set to ANY / ANY.

What happens to this rule?

This rule is processed if either the WebFilter and / or the application filter match.

4. How is a rule processed if it is defined as in question 3 and which I e.g. ANY in the source zone and have source devices stored as IP hosts.

Hi,

I will answer one point at this stage. Rules are processed by the number down there left hand side. When a criteria is met then that rule is used. If no match the default drop applies.

Ian

What does number mean?

I create a rule and a new number is assigned. But if I move the rule up, the number is the same but the order is different.

It is now not processed in the exact order based on the number.

With regard to the other questions, you could understand what I mean or what my questions are aimed at.

The lefthand number is the processing order which changes whenever you re-arrange your rules, the righthand number is the rule number which does not change. The rules are processed in the order down the left hand side.

Ian

I will answer your other questions later today my time.

Hi, how do I have to imagine the processing sequence of a rule.

What is the order in a rule until a hit is found.

As I said, I don't understand that the rules are hardly or almost completely addressed and my last rule applies,
where the services include HTTP / HTTPS, as ANY / ANY.

I wanted to keep it activated until everything worked reasonably well.

greeting

Using logviewer review what traffic is being passed by you any any rule and then use that information to fine tune your higher rules.

Ian

Hello,

ok thank you, I won't get any further here. The questions are not entirely answered for me.

I think my questions are not understood or not read.

greeting

The questions have been answered, but you do not seem to want to understand the answers.

the rules are processed top to bottom. Criteria can included network or device IP address, is the URL in the blocked list, is the application allowed, is the port valid. All these things show in the logviewer when you review the filtered output.

ian