Unable to see port designation for web traffic on port 80 and 443 (and so I am unable to block it with a firewall rule)

Question

I want to block http/https (port 80 and 443) traffic at night for certain IP addresses. However, I am unable to do so. Services that are given a "dstport" are blocked, and the rule is logged. However, http/https traffic on ports 80 and 443 do not have a "dstport" field, and so I think this is why they are not getting blocked. The attached screenshot shows traffic going to port 123 being blocked and logged with rule #3, but traffic headed to the web sails right through (no port designation). Any idea why this is happening? Logs and screenshot of firewall rule order are attached. 
 
 thanks

vilic · Accepted Answer

UTM Web filter module (proxy) has greater priority than firewall services. 
 Explained in Bob's Rule #2: 
 https://community.sophos.com/products/unified-threat-management/astaroorg/f/51/t/22065

vilic · Answer

I've explained similar scenario in more details in this forum post: 
 community.sophos.com/.../283413

korgull · Answer

Ok, this framework did the trick. Here is what I ended up doing, which works for me. 
 First, in the web filter profiles, I created a new profile to control access for my kids 
 
 Then, I edited the profile in the following way: 1) put the hosts into the "Allowed Networks" area. 2) gave the profile a name. 
 
 I then created a policy in the profile. Here I will assign the time period to which this will take effect. I tested it by putting the profile to "Always" (Yeah, there is a place to test the profile as well), I switched the "BedTime" profile afterward. 
 
 Policy entered here: 
 
 That is all there is to it. Until my kids figure out how to change their IP address, this should work for me.