for example, I would like to create a firewall rule that is used for various clients when using Facebook.
I created various IP hosts, web URLs and also an application filter for Facebook. But it looks like the rule, visible on the basis of the traffic, is not attracted to the rule. Is that basically possible or what would be a procedure.
you need to be using policies which are applied to firewall rules. Are you trying to stop facebook access, also there are default exceptions in there web exceptions for facebook.
the enforcement of…
the enforcement of policies is via firewall rule using web, application and IPS settings in the Proxy or DPI.
if I have understood that correctly, I should use the web filter in the firewall rule and also the application in the firewall rule.
Is that right ???.
sorry, i dont have understand your answer.
I am totally confused !!!
Can you explain exactly when a WebPolicy works?
When is an application rule used.
I am confused because you can select both in a firewall rule.
A web policy is for URLs eg websites, application policy is for things like teamviewer, tor browser, etc You can have both when you want to restrict an application to work through a specific web server. Or conversely stop an application using a website.
yes I am aware of that.
Unfortunately I did not understand when to use a web policy or an application filter in the firewall rule.
Apparently it is so or are there constellations that it does not always work?
I still haven't understood what the WebPolicy or application filter setting in the firewall rule is doing.
Put simply they are used to manage access or deny access to certain things because a number of things can exist at the same address.ian
tell me please, what happen here in this rule.
Application control and web control are not the same.
application control filters on all ports, if the appliance can regnonise the traffic based on pattern (Sometimes port, sometimes special written applications signatures etc.).
Web filter is applied to HTTP/s Traffic (port80/443) and will be applied to all traffic, that can be filtered.
In this rule: you are decrypting the traffic, which can be an issue, if you do not know the basic rules of decryption. See: https://support.sophos.com/support/s/article/KB-000038420?language=en_US
Then you apply a app control and a web control rule, based on the traffic, those devices are generating. And only in the certain time based field.
BTW: The rule is disabled.
ok, yes the rule is deactivated :-) because I have the problem with the functionality of the firewall rules.
I will read this through. But it makes sense in the operation etc. for me it is absolutely incomprehensible what this benefit is actually supposed to be looking for in the firewall rule and as far as I can remember it was not organized that way in the SG.
What does that mean in a brief overview.
Both filter options cannot be used in one rule at the same time?
You can merge filter options in a policy. You also need to change the services to http and https. If you want to block access you also need to install the ca on the pc. What other rules do you have for the kinder group outside of your time limit?
There is a difference in a application based traffic and a web based traffic. Generally speaking a web based traffic looks like a browser is opening a connection to a website. A application could be something like spotify on windows. It looks like a web based traffic but could be categorized by the appliances as a application.
Start simply. Do a Client to WAN rule without any filter. Check if this works fine. Then enable the first filter. Check if everything works as expected and work towards the goal. Do not enable all filters at once if you do not know, what each and every filter means.
so I can answer again. After that someone meant to report this thread.
I don't know what that happened, so be it.
Well, I have to say it again. It is absolutely not understandable and transparent how these many constellations in connection with web filters, network rules and also application filters belong together or rather can be configured.
Again, these many constellations are not clear to me how and when I set up the WebFilter etc. or apply them to a rule or not.
I am already aware of a few things what HTTPS and scanning etc. is.
But setting up is absolutely not transparent.
Ok, I also tried to activate and check rules individually.
How can you try to make this setting for Facebook to match the thread name.
Is that possible.?
I am not sure how to explain this in more depth.
It is actually that simply as; Create one rule, attach all block rules of applications and websites you do not want.
That it. Be careful with HTTPS decryption as this will likely kill the client, if not prepared.
I marked one of your answers as abuse since swearing isn’t allowed in the Forum.community.sophos.com/.../sophos-community-terms-and-conditions-of-use