Web Filtering

Hello,

 

I've recently set up Sophos UTM 9; this is my first third-party firewall and I'm having a few issues.

I can't seem to configure domain blocking. I'm essentially trying to learn how to use the firewall and thought I'd start basic; however, blacklisting sites doesn't seem to block them. I've followed many different tutorials online, but nothing happens.

 

Any ideas?



  • Hi Jack and welcome to the UTM Community!

    Please show a picture of the Edit of the configuration you think should block the site and then add the line from the Web Filtering log where the access was not blocked.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Above are the images for when I initially set it up (following a tutorial by Sophos). For the logs, as far as I can see it doesn't say anything in the Web Filtering log when I try to access the blocked sites.

  • I have tried to write a bunch of tutorials on web filtering. Start with the articles in the Wiki section, which lay out critical concepts. UTM is unusual, and you need to understand how it works to prevent errors and unhappy surprises caused by wrong assumptions.

    Then read my Web Filtering Lessons Learned post, which is pinned to the top of the Web Filtering sub-forum, when you are ready for advanced topics.

    Whenever you post a web filtering question, it becomes important to know whether you have distributed the CA root certificate, and whether you are doing decrypt-and-scan.

    This functionality is pretty solid. If your traffic is not honoring an explicit block on FQDN, then you are not hitting the expected Filter Profile or the expected Policy. The web filtering logs will tell you which of these were chosen.

  • If there's nothing in the Web Filtering log about these sites, then the traffic is not being processed by Web Filtering, but that's a different problem.

    Instead of complete URLs in the 'Domains' list, you want only the domain names sophos.com and Belfair.com.

    Cheers - Bob

     
  • What does the Policy Helpdesk show? The results will tell you which (if any) filter is invoked.

    As Bob already mentioned, generally you will want to enter only FQDNs in the Domains List. In addition to being an administrative nightmare, using full URLs necessitates anticipating all possible iterations of a URL. For instance, something like http://www.domain.com/ might lead to the same page as http://www.domain.com/default.aspx. Even if you account for that, if the website changes to a different platform or merely changes the names of the default pages you would have to adjust your filters...
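
The difference between URL entries and domain entries described in the replies above, as an added example that is not part of the original thread and is not Sophos UTM's own matching logic. The function names and the sample entries are constructed for illustration, and the matching is a simplified model that assumes a domain entry also covers hosts beneath it.

```python
from urllib.parse import urlsplit

# Constructed sample: entries as they might be typed into a block list.
SAMPLE_ENTRIES = [
    "http://www.domain.com/",
    "https://www.domain.com/default.aspx",
    "Belfair.com",
    "sophos.com/",
]

def to_domain(entry, strip_www=True):
    """Reduce a full URL or bare host to a lowercase hostname ('' if unusable)."""
    entry = entry.strip()
    if "://" not in entry:
        entry = "//" + entry      # urlsplit needs '//' to recognise a host part
    try:
        host = (urlsplit(entry).hostname or "").rstrip(".")
    except ValueError:            # e.g. malformed bracketed IPv6 literal
        return ""
    if strip_www and host.startswith("www."):
        host = host[4:]
    return host

def normalize_blocklist(entries):
    """Domain names only, de-duplicated, original order kept."""
    domains = []
    for entry in entries:
        domain = to_domain(entry)
        if domain and domain not in domains:
            domains.append(domain)
    return domains

def blocked_by_url(request_url, url_entries):
    """Brittle model: blocks only when the whole URL equals an entry."""
    return request_url in url_entries

def blocked_by_domain(request_url, domains):
    """Domain model: blocks the domain itself and any host beneath it."""
    host = to_domain(request_url, strip_www=False)
    return any(host == d or host.endswith("." + d) for d in domains)

if __name__ == "__main__":
    domains = normalize_blocklist(SAMPLE_ENTRIES)
    print(domains)
    for url in ("http://www.domain.com/index.php", "https://notdomain.com/"):
        print(url, blocked_by_url(url, SAMPLE_ENTRIES), blocked_by_domain(url, domains))
```

The cleaned list is what would go into a 'Domains' list; whether subdomains are included is a setting to confirm in the product itself.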
