Firewall rule Facebook / Web URL / App-Filter

Hello,

for example, I would like to create a firewall rule that is used for various clients when using Facebook.

I created various IP hosts, web URLs and also an application filter for Facebook. But it looks like the rule, visible on the basis of the traffic, is not attracted to the rule. Is that basically possible or what would be a procedure.

Greeting



Edited TAGs
[edited by: emmosophos at 12:09 AM (GMT -7) on 16 Jul 2021]
Parents
  • Hi,

    you need to be using policies which are applied to firewall rules. Are you trying to stop facebook access, also there are default exceptions in there web exceptions for facebook.

    the enforcement of policies is via firewall rule using web, application and IPS settings in the Proxy or DPI.

    Ian

     
    V18.5.x - e3-1225v5 6gb ram with 4 ports - 20w. 
    3 AP55s and 2 APX120s having a holiday until software update is released.
    If a post solves your question use the 'This helped me' link.
  • Hi,

    if I have understood that correctly, I should use the web filter in the firewall rule and also the application in the firewall rule.

    Is that right ???.

  • sorry, i dont have understand your answer.

    I am totally confused !!!

    Can you explain exactly when a WebPolicy works?

    When is an application rule used.

    I am confused because you can select both in a firewall rule.

  • A web policy is for URLs eg websites, application policy is for things like teamviewer, tor browser, etc You can have both when you want to restrict an application to work through a specific web server.  Or conversely stop an application using a website.

    ian

     
    V18.5.x - e3-1225v5 6gb ram with 4 ports - 20w. 
    3 AP55s and 2 APX120s having a holiday until software update is released.
    If a post solves your question use the 'This helped me' link.
  • yes I am aware of that.

    Unfortunately I did not understand when to use a web policy or an application filter in the firewall rule.

    Apparently it is so or are there constellations that it does not always work?

    I still haven't understood what the WebPolicy or application filter setting in the firewall rule is doing.

  • Put simply they are used to manage access or deny access to certain things because a number of things can exist at the same address.
    ian

     
    V18.5.x - e3-1225v5 6gb ram with 4 ports - 20w. 
    3 AP55s and 2 APX120s having a holiday until software update is released.
    If a post solves your question use the 'This helped me' link.
  • tell me please, what happen here in this rule.

  • Application control and web control are not the same. 

    application control filters on all ports, if the appliance can regnonise the traffic based on pattern (Sometimes port, sometimes special written applications signatures etc.).

    Web filter is applied to HTTP/s Traffic (port80/443) and will be applied to all traffic, that can be filtered. 

    In this rule: you are decrypting the traffic, which can be an issue, if you do not know the basic rules of decryption. See: https://support.sophos.com/support/s/article/KB-000038420?language=en_US

    Then you apply a app control and a web control rule, based on the traffic, those devices are generating. And only in the certain time based field. 

    BTW: The rule is disabled. 

    __________________________________________________________________________________________________________________

  • ok, yes the rule is deactivated :-) because I have the problem with the functionality of the firewall rules.

    I will read this through. But it makes sense in the operation etc. for me it is absolutely incomprehensible what this benefit is actually supposed to be looking for in the firewall rule and as far as I can remember it was not organized that way in the SG.

  • What does that mean in a brief overview.

    Both filter options cannot be used in one rule at the same time?

  • You can merge filter options in a policy. You also need to change the services to http and https. If you want to block access you also need to install the ca on the pc. What other rules do you have for the kinder group outside of your time limit?

    ian

     
    V18.5.x - e3-1225v5 6gb ram with 4 ports - 20w. 
    3 AP55s and 2 APX120s having a holiday until software update is released.
    If a post solves your question use the 'This helped me' link.
  • There is a difference in a application based traffic and a web based traffic. Generally speaking a web based traffic looks like a browser is opening a connection to a website. A application could be something like spotify on windows. It looks like a web based traffic but could be categorized by the appliances as a application. 

    Start simply. Do a Client to WAN rule without any filter. Check if this works fine. Then enable the first filter. Check if everything works as expected and work towards the goal. Do not enable all filters at once if you do not know, what each and every filter means. 

    __________________________________________________________________________________________________________________

Reply
  • There is a difference in a application based traffic and a web based traffic. Generally speaking a web based traffic looks like a browser is opening a connection to a website. A application could be something like spotify on windows. It looks like a web based traffic but could be categorized by the appliances as a application. 

    Start simply. Do a Client to WAN rule without any filter. Check if this works fine. Then enable the first filter. Check if everything works as expected and work towards the goal. Do not enable all filters at once if you do not know, what each and every filter means. 

    __________________________________________________________________________________________________________________

Children