Firewall rule Facebook / Web URL / App-Filter

Hi,

you need to be using policies which are applied to firewall rules. Are you trying to stop facebook access, also there are default exceptions in there web exceptions for facebook.

the enforcement of policies is via firewall rule using web, application and IPS settings in the Proxy or DPI.

Ian

Hi,

if I have understood that correctly, I should use the web filter in the firewall rule and also the application in the firewall rule.

Is that right ???.

Use the policy tester to check, which policy is applied. Then check the affected policy, if all the wanted filters are applied. 

I'm not even sure if it's the WebFilter or the firewall rules.

You need to understand, firewall rules are the way to apply filters. If there is no firewall rule, it will not apply anything. IPS, Web, App control is a filter, which will apply after a firewall rule attached this to the traffic.

Hi,

yes I am very aware of that and I have understood how the principle works.

That's why I keep asking or trying to understand exactly how it works, hence the question when a rule is triggered and applied.

I'll open another topic where I start a call for help.

It's all weird, sometimes it works and sometimes it doesn't. Even with an ANY ANY rule, not everything works.

greeting

Please an expanded copy of your any any rule.

ian

Hi sorry,

but this f .... SSL / TLS on the Android SmartPhones. I looked up in the German description that the SSL / TLS does not work reliably on Android devices.

Man man man, what ***. I always tested the connections with the Android devices, called up websites and various APPs.

Yes, sorry, but why is it that the Android devices cannot cope with the decryption with Google.

What kind of f ...

greeting

There is a bug in v18.0.5, try upgrading to v18.5.1 from my testing so far on Apple devices I haven’t had any failures, whereas the previous version I had to stay with the proxy.

ian

Do you have a TLS Decryption Rule created for this device? 

You mean here at this point?

You mean here at this point?

Check your Firewall rule for the device, there is also a option to decrypt the traffic. 

What should I check there?

I don't understand what to check there. ???

I also don't see in the LOG where the problem is, I see the WebFilter appear and are also allowed, but nothing works anyway.

Now I have to go back to ANY ANY, so it can't be that slow.

I look carefully at the one client filtered in the log. The firewall rule and the web filter are all GREEN. No red one among them.

I don't understand where the problem is, for days and hours nothing works, except ANY ANY.

I'm slowly losing my nerve with this nonsense. I've already learned a lot about it, but that can't really work properly.

Thats a rule to select some services.

it doesnt work

You need to understand, if you attach a filter control rule, it can mess up with the traffic. Some devices are not build to work with this. 

Switch everything off in Web filtering and remove the web policy. Try again if it works or not. 

Since I didn't understand, sorry, please explain again in more detail.

Thanks...

Change web policy to allow all.

Ian

Hi,

now I do not understand anything anymore.

How should I now apply the web policy for various clients and / or users?

Why then should the WebPolicy rule be applied in the firewall rules at all?

So that somehow misses my understanding.

greeting

You are trying to test an any any rule so you don't need the default web policy. You normally use an any any rule with minimal restrictions to see what sites and ports an application /PC go to so you can restrict access and improve security of your network in your then specific rules for that device.

The web policy allows you to fine tune a rule for each client group/users on a rule be rule basis.

I have a number of web and application policies that apply to my apple devices, my security cameras, my VoIP services and other IoT devices. Some have very specific policies and others have limited policies.

Ian

ok, i already got that with the web policy.

But I thought you would have to include the WebPolicy in a firewall rule and apply it.

Or do I create a firewall rule with Any / Any without users or clients and then only apply the WebPolicy.

The Friewall rules are then only to restrict the clients between the subnets etc. and / or services?

I don't understand when one now

- where an application rule is used

- where a web policy is used

Web and application policies are used when you want restrict access to specific functions. You do not have to apply any web or application policies. If you want to use the proxy you would choose allow all in the web policy so you can see the classification in your reports if you so desire. I have created my own places to use with blocking certain security avoiding application but because some of my devices use tunnels I have had to fine tune the generic block all tunnels policy.

Policies are all about managing user access and providing a secure managed network. There are a number of default policies which are provided so you have something to use as a reference when building your own, they are very generic.

Ian