Firewall rule Facebook / Web URL / App-Filter

Hi,

you need to be using policies which are applied to firewall rules. Are you trying to stop facebook access, also there are default exceptions in there web exceptions for facebook.

the enforcement of policies is via firewall rule using web, application and IPS settings in the Proxy or DPI.

Ian

Hi,

if I have understood that correctly, I should use the web filter in the firewall rule and also the application in the firewall rule.

Is that right ???.

The questions have been answered, but you do not seem to want to understand the answers.

the rules are processed top to bottom. Criteria can included network or device IP address, is the URL in the blocked list, is the application allowed, is the port valid. All these things show in the logviewer when you review the filtered output.

ian

I am fully aware of and understood the principle that every rule is processed from top to bottom and that the rule is then executed on the basis of the criteria.

Problem, which unfortunately also arises, that I use a switch behind the XG, also means that I cannot see everything in the log. But I'm only talking about rules that are set up in the direction of WAN.

Again the question, what is one of the criteria that a rule is executed.

Ask again, if the web rule usually applies, but is usually valid for every client, is it then carried out?

It is different if a web filter and an application rule are usually stored and the rule applies to all clients,
the WebFilter is valid, but the application is not, is this rule executed?

Are all mechanisms usually summarized as a logical AND or an OR link that a rule is executed.

That is a very crucial thing.

Firewalls are always applied based on Source IP, Destination IP and Service. 

You can replace Source IP by Username in context of a user based Firewall rule. 

There are no other criteria. If the firewall rule hits, it will apply the filters, attached to the rule (Web, app, ips etc.). 

ok, thank you, that fits, I can start something with that.

Thanks

I have to ask again

there is only one criterion, either with the IP / subnets or the users that a rule is applied to.

greeting

Its first match. 

OK,
I don't know how to solve the problem. All my rules are not working properly.

Use the policy tester to check, which policy is applied. Then check the affected policy, if all the wanted filters are applied. 

I'm not even sure if it's the WebFilter or the firewall rules.

You need to understand, firewall rules are the way to apply filters. If there is no firewall rule, it will not apply anything. IPS, Web, App control is a filter, which will apply after a firewall rule attached this to the traffic.

You need to understand, firewall rules are the way to apply filters. If there is no firewall rule, it will not apply anything. IPS, Web, App control is a filter, which will apply after a firewall rule attached this to the traffic.

Hi,

yes I am very aware of that and I have understood how the principle works.

That's why I keep asking or trying to understand exactly how it works, hence the question when a rule is triggered and applied.

I'll open another topic where I start a call for help.

It's all weird, sometimes it works and sometimes it doesn't. Even with an ANY ANY rule, not everything works.

greeting

Please an expanded copy of your any any rule.

ian

Hi sorry,

but this f .... SSL / TLS on the Android SmartPhones. I looked up in the German description that the SSL / TLS does not work reliably on Android devices.

Man man man, what ***. I always tested the connections with the Android devices, called up websites and various APPs.

Yes, sorry, but why is it that the Android devices cannot cope with the decryption with Google.

What kind of f ...

greeting

There is a bug in v18.0.5, try upgrading to v18.5.1 from my testing so far on Apple devices I haven’t had any failures, whereas the previous version I had to stay with the proxy.

ian

Do you have a TLS Decryption Rule created for this device? 

You mean here at this point?

Check your Firewall rule for the device, there is also a option to decrypt the traffic. 

What should I check there?

I don't understand what to check there. ???

I also don't see in the LOG where the problem is, I see the WebFilter appear and are also allowed, but nothing works anyway.

Now I have to go back to ANY ANY, so it can't be that slow.

I look carefully at the one client filtered in the log. The firewall rule and the web filter are all GREEN. No red one among them.

I don't understand where the problem is, for days and hours nothing works, except ANY ANY.

I'm slowly losing my nerve with this nonsense. I've already learned a lot about it, but that can't really work properly.

Thats a rule to select some services.

it doesnt work