This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Firewall rule Facebook / Web URL / App-Filter

Hello,

for example, I would like to create a firewall rule that is used for various clients when using Facebook.

I created various IP hosts, web URLs and also an application filter for Facebook. But it looks like the rule, visible on the basis of the traffic, is not attracted to the rule. Is that basically possible or what would be a procedure.

Greeting



This thread was automatically locked due to age.
Parents
  • Hi,

    you need to be using policies which are applied to firewall rules. Are you trying to stop facebook access, also there are default exceptions in there web exceptions for facebook.

    the enforcement of policies is via firewall rule using web, application and IPS settings in the Proxy or DPI.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hi,

    if I have understood that correctly, I should use the web filter in the firewall rule and also the application in the firewall rule.

    Is that right ???.

  • You need to understand, if you attach a filter control rule, it can mess up with the traffic. Some devices are not build to work with this. 

    Switch everything off in Web filtering and remove the web policy. Try again if it works or not. 

    __________________________________________________________________________________________________________________

  • Since I didn't understand, sorry, please explain again in more detail.

    Thanks...

  • Change web policy to allow all.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hi,

    now I do not understand anything anymore.

    How should I now apply the web policy for various clients and / or users?

    Why then should the WebPolicy rule be applied in the firewall rules at all?

    So that somehow misses my understanding.

    greeting

  • You are trying to test an any any rule so you don't need the default web policy. You normally use an any any rule with minimal restrictions to see what sites and ports an application /PC go to so you can restrict access and improve security of your network in your then specific rules for that device.

    The web policy allows you to fine tune a rule for each client group/users on a rule be rule basis.

    I have a number of web and application policies that apply to my apple devices, my security cameras, my VoIP services and other IoT devices. Some have very specific policies and others have limited policies.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • ok, i already got that with the web policy.


    But I thought you would have to include the WebPolicy in a firewall rule and apply it.

    Or do I create a firewall rule with Any / Any without users or clients and then only apply the WebPolicy.

    The Friewall rules are then only to restrict the clients between the subnets etc. and / or services?

    I don't understand when one now

    - where an application rule is used

    - where a web policy is used

  • Web and application policies are used when you want restrict access to specific functions. You do not have to apply any web or application policies. If you want to use the proxy you would choose allow all in the web policy so you can see the classification in your reports if you so desire. I have created my own places to use with blocking certain security avoiding application but because some of my devices use tunnels I have had to fine tune the generic block all tunnels policy.

    Policies are all about managing user access and providing a secure managed network. There are a number of default policies which are provided so you have something to use as a reference when building your own, they are very generic.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • sorry, i dont have understand your answer.

    I am totally confused !!!

    Can you explain exactly when a WebPolicy works?

    When is an application rule used.

    I am confused because you can select both in a firewall rule.

  • A web policy is for URLs eg websites, application policy is for things like teamviewer, tor browser, etc You can have both when you want to restrict an application to work through a specific web server.  Or conversely stop an application using a website.

    ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • yes I am aware of that.

    Unfortunately I did not understand when to use a web policy or an application filter in the firewall rule.

    Apparently it is so or are there constellations that it does not always work?

    I still haven't understood what the WebPolicy or application filter setting in the firewall rule is doing.

Reply
  • yes I am aware of that.

    Unfortunately I did not understand when to use a web policy or an application filter in the firewall rule.

    Apparently it is so or are there constellations that it does not always work?

    I still haven't understood what the WebPolicy or application filter setting in the firewall rule is doing.

Children
  • Put simply they are used to manage access or deny access to certain things because a number of things can exist at the same address.
    ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • tell me please, what happen here in this rule.

  • Application control and web control are not the same. 

    application control filters on all ports, if the appliance can regnonise the traffic based on pattern (Sometimes port, sometimes special written applications signatures etc.).

    Web filter is applied to HTTP/s Traffic (port80/443) and will be applied to all traffic, that can be filtered. 

    In this rule: you are decrypting the traffic, which can be an issue, if you do not know the basic rules of decryption. See: https://support.sophos.com/support/s/article/KB-000038420?language=en_US

    Then you apply a app control and a web control rule, based on the traffic, those devices are generating. And only in the certain time based field. 

    BTW: The rule is disabled. 

    __________________________________________________________________________________________________________________

  • ok, yes the rule is deactivated :-) because I have the problem with the functionality of the firewall rules.

    I will read this through. But it makes sense in the operation etc. for me it is absolutely incomprehensible what this benefit is actually supposed to be looking for in the firewall rule and as far as I can remember it was not organized that way in the SG.

  • What does that mean in a brief overview.

    Both filter options cannot be used in one rule at the same time?

  • You can merge filter options in a policy. You also need to change the services to http and https. If you want to block access you also need to install the ca on the pc. What other rules do you have for the kinder group outside of your time limit?

    ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • There is a difference in a application based traffic and a web based traffic. Generally speaking a web based traffic looks like a browser is opening a connection to a website. A application could be something like spotify on windows. It looks like a web based traffic but could be categorized by the appliances as a application. 

    Start simply. Do a Client to WAN rule without any filter. Check if this works fine. Then enable the first filter. Check if everything works as expected and work towards the goal. Do not enable all filters at once if you do not know, what each and every filter means. 

    __________________________________________________________________________________________________________________

  • Hello,

    so I can answer again. After that someone meant to report this thread.

    I don't know what that happened, so be it.

    Well, I have to say it again. It is absolutely not understandable and transparent how these many constellations in connection with web filters, network rules and also application filters belong together or rather can be configured.

    Again, these many constellations are not clear to me how and when I set up the WebFilter etc. or apply them to a rule or not.

    I am already aware of a few things what HTTPS and scanning etc. is.

    But setting up is absolutely not transparent.

    Ok, I also tried to activate and check rules individually.

    How can you try to make this setting for Facebook to match the thread name.

    Is that possible.?

    greeting

  • I am not sure how to explain this in more depth. 

    It is actually that simply as; Create one rule, attach all block rules of applications and websites you do not want. 

    That it. Be careful with HTTPS decryption as this will likely kill the client, if not prepared.

    __________________________________________________________________________________________________________________

  • Hello,

    I marked one of your answers as abuse since swearing isn’t allowed in the Forum.

    community.sophos.com/.../sophos-community-terms-and-conditions-of-use

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.