Is it possible to block a top level domain via a firewall rule?
Not possible, Tom. Name servers have no idea of what to do with anything other than an FQDN. Do you have some new student that's found a way around Web Filtering?
Cheers - Bob
Unfortunately, it's a constant battle with new sites popping up every minute. They seem to favor the .ru top level domain. I tried using country blocking, which seemed to help some, but some of the sites are registered with US IP addresses. It's always a fine line between security and usability.
How to Block Access to a Complete TLD
Tom, I just thought of a way to block access to anything with a TLD of ru.
On the 'Request Route' tab in 'Network Services >> DNS', create one for ru that points at a non-existent IP. Once that's active, any attempt to get name resolution for an ru FQDN will hang for ten seconds and then report "unknown host" to the requesting application. Note that this requires the UTM to be the first forwarder for your internal name server(s) and the second for devices getting DHCP from you. You will want to use DNS Best Practice, and you might want to drop all outbound DNS requests.
Cheers - Bob
NOTE 2016-11-02: See my post below where I pass on a better idea from Sophos' Greg Hammond.
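One way to confirm that the request route described above is in effect and that clients cannot sidestep it by querying an outside resolver directly. This is an added example, not part of the original posts or any Sophos tooling; the function names are made up for the example, and the addresses 192.0.2.1 (standing in for the UTM) and 198.51.100.53 (standing in for an external resolver) are placeholders to replace.

```python
import socket
import struct

QID = 0x1234  # fixed query ID, fine for a one-shot check

def build_query(name, qid=QID):
    """Encode a minimal DNS A query for `name` (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, 1 question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # A, IN

def classify_reply(reply, qid=QID):
    """Map a raw DNS reply to resolved / nodata / servfail / nxdomain / ..."""
    if len(reply) < 12:
        return "other"
    rid, flags, _qd, ancount = struct.unpack("!HHHH", reply[:8])
    if rid != qid or not flags & 0x8000:  # wrong ID or not a response
        return "other"
    rcode = flags & 0x000F
    if rcode == 0:
        return "resolved" if ancount else "nodata"
    return {2: "servfail", 3: "nxdomain", 5: "refused"}.get(rcode, "other")

def probe(resolver_ip, name, timeout=12.0):
    """One UDP query; timeout exceeds the ten-second hang described above."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (resolver_ip, 53))
            return classify_reply(s.recv(512))
        except socket.timeout:
            return "timeout"
        except OSError:
            return "unreachable"

def is_blocked(outcome):
    """The name counts as blocked unless the resolver returned an answer."""
    return outcome != "resolved"

if __name__ == "__main__":
    # Assumed placeholder addresses: replace with your UTM and any external resolver.
    checks = (("via UTM", "192.0.2.1", "example.ru"),        # expect blocked
              ("via UTM", "192.0.2.1", "example.com"),       # expect resolved
              ("direct, bypassing UTM", "198.51.100.53", "example.com"))  # expect blocked
    for label, ip, name in checks:
        outcome = probe(ip, name)
        print(f"{label:22} {name:12} {outcome:12} blocked={is_blocked(outcome)}")
```

Run it from a client on the internal network. The third check only comes back blocked if you have also dropped outbound DNS requests from clients.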
Tom, look at the link I provided. It suggests that the UTM be the first forwarder for your internal DNS server and the second assigned to clients after your internal DNS server.
Cheers - Bob