Read all of the articles in the Wiki section of this forum. They are short, and contain important information for new users.
The website you mentioned has different IP addresses for clients in different parts of the world, so I cannot match your web address to your log based on IP address. I am assuming that the site you were trying to reach is the same as the red line in the firewall. But this is confusing because the blocked packet is not for https on the standard port of 443, while the web request was for the standard port.
The Policy Helpdesk reports what the Web Filtering component intends to do. If web filtering handles the packet, the results will appear in the Web Filtering log (if logging has been requested). Your log screen is a firewall log. If the blocked web request is in the firewall log, it means that web filtering was bypassed.
You did not mention which web filtering mode you are trying to use. Transparent Mode only handles packets going to ports 80 and 443. The blocked packet in your firewall log is not one of those ports; it is for a nonstandard port, which is why it would have bypassed Transparent Mode Web Filtering.
Standard Mode Web Filtering can handle traffic on other ports, because the browser asks UTM, "Please fetch this page for me". By default, the Standard Mode proxy will block any traffic on ports other than 80 and 443. You have to tell it which other ports to allow. This is configured in Web Filtering... Misc (tab)... Allowed Target Services (list).
Firewall Rules are evaluated last, and they apply only when a packet is not processed by one of the proxies such as Web Filtering. This behavior is different from other firewall products. "Default Drop" is applied when all of the firewall rules have been applied and none of them told UTM to allow the packet. If you want to allow the packet from 195.175.200.134 port 44893 to 195.175.11.38 port 7547, you need to create a firewall rule that allows this source-destination pair.
When a website is blocked, you will normally get a block message, not "host not found". When "Host Not Found" occurs, it means that the traffic was blocked by something other than the Web Filter. Possibilities include:
Country Blocking rules can also block web traffic, but they should produce a block screen with the name of the blocked country.
Hope this gives you some places to look.
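The evaluation order described in the answer above, as a simplified Python model for deciding which log to read first (an added example, not part of the original post and not Sophos code). The function, class and verdict strings are hypothetical; the packet values are the ones quoted in the answer.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

PROXY_DEFAULT_PORTS = {80, 443}  # ports the answer says the proxy covers by default


@dataclass
class FirewallRule:  # hypothetical stand-in for one UTM firewall rule
    src: str         # source network in CIDR form
    dst: str         # destination network in CIDR form
    dst_port: int
    action: str = "allow"


def triage(mode, src_ip, dst_ip, dst_port, allowed_target_services=(), fw_rules=()):
    """Return (component, verdict, log_to_check) for one web request."""
    web_log = "web filtering log"
    if mode == "transparent":
        # Transparent Mode only picks up packets going to ports 80 and 443.
        if dst_port in PROXY_DEFAULT_PORTS:
            return ("web_filtering", "per web policy", web_log)
    elif mode == "standard":
        # The browser hands every request to the proxy, whatever the port;
        # the proxy blocks ports that are not in Allowed Target Services.
        if dst_port in PROXY_DEFAULT_PORTS | set(allowed_target_services):
            return ("web_filtering", "per web policy", web_log)
        return ("web_filtering", "blocked: port not in Allowed Target Services", web_log)

    # No proxy handled the packet, so firewall rules are evaluated last.
    for rule in fw_rules:
        if (ip_address(src_ip) in ip_network(rule.src)
                and ip_address(dst_ip) in ip_network(rule.dst)
                and dst_port == rule.dst_port):
            return ("firewall", rule.action, "firewall log")
    # No rule allowed the packet: this is the "Default Drop" line in the firewall log.
    return ("firewall", "default drop", "firewall log")


if __name__ == "__main__":
    packet = ("195.175.200.134", "195.175.11.38", 7547)  # from the answer above
    for mode in ("transparent", "standard"):
        print(mode, triage(mode, *packet))
    rule = FirewallRule("195.175.200.134/32", "195.175.11.38/32", 7547)
    print("transparent + rule", triage("transparent", *packet, fw_rules=[rule]))
```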
Hi,
I disabled web, application, and IPS controls, but the situation is the same again. :(
The problem was corrected when I updated firmware in the previous question.