Web filter allow everything only block malware

Hello, 

 

I have the UTM set up at home and would like to turn the web filter from block everything and allow exceptions to allow everything and block certain things. Basically all I need it for is to block malware on the network, but I noticed that filtering blocks a ton of things that I need to add exceptions for. I have HTTPS scanning set up with certificates on all of the computers. Is there any way to do this?



This thread was automatically locked due to age.
  • Quick Fix:   You need to change your "Base Policy" from "Default Filter Block Action" to "Default Filter Action".

    This is found at "Web Protection... Web Filtering... Policies...", then click on "Base Policy" at the bottom of the window and change the property.

    BETTER:

    Clone this policy, study it, and tailor it to your situation.   "Malware" is not a well-defined thing.   90% of your protection comes from not going to sites that might be hostile, 10% comes from detecting hostile content in the replies from the web servers that you do contact.   Do you need content from Russia?   If not, then block it.   Do you need Weapons?   If not, then block it.

    URLs are assigned to categories (their purpose) and reputation.   I recommend configuring your policy to block reputation Suspicious and worse.   I also block categories associated with unethical activity, from school cheating to software piracy to pornography.  I also use country blocking, and create a web exception to exclude URL filtering when I need a specific site.

    You also need to know that your risk has almost nothing to do with which sites you request.   Most of your sites will include content from domains whose name you do not recognize.   Any site can be infected and attempt to redirect you to hostile sites invisibly.

    Finally, turn on IPS.  It inspects web replies in ways that the standard web proxy does not.   So you need both.

  • Hello, 

    That is how I have the base policy set right now. The main issue seems to be the scan and decrypt that breaks websites especially on the mobile devices. 

     

    I will try your second suggestion and see if I can tailor it to more accurate filters. But as for blocking malware, I really want the UTM to act as a firewall (so I can block certain devices and such) and scan traffic, and if malware is found, block it. If it is unknown to it, I would like it to pass it through; I have local security on the endpoints and on the DNS side to handle those unknown files. The way my security is set up is as follows:

    DNS security = Comodo Dome

    Sophos UTM

    End point Security (with active sandbox to sandbox all unknown programs)
