
Web filtering.... Y U NO WORK!

Ok this is REALLY beginning to bug me and I haven't ever managed to get this working so I am just not sure why.

The title is a little misleading due to the web filtering working fine for my "LAN" traffic (using Transparent Mode with AD SSO), with "Do not proxy HTTPS traffic in transparent mode" enabled, using the Base Policy (Default content filter action).

 

But what I am trying to do now is create a web filter for my 2 WiFi networks with a default action of "Block All" and then allow services that I want them to have access to. 

I have created a new Filter Profile under "Web Filter Profiles". Allowed Networks is one of my WiFi networks for testing, Transparent Mode with no Default Authentication, with a Base Policy of "Block All".

If I use the Policy Helpdesk with a URL and a source IP within the WiFi network, it will tell me that it's blocked.

If I boot up a device with that exact IP, I can browse happily on that and ANY URL.

I'm not sure if this is relevant, but I have added the two WiFi networks to the "Web Surfing" firewall rule that has always been in place and there is a Masquerading rule for my WiFi -> WAN network.

Would like to get this sorted once and for all. 

HELP!



  • Derrick, show us a line from the Web Filtering log file where an IP that should have been blocked actually reached youtube.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bill,

    Thanks for the reply. If I view the web filter log while using a device on the WiFi network that is supposed to be blocked, it allows me to view and nothing is reported in the log.

    It's like it's completely ignoring the filtering completely.

    AAARRGHH. 

  • That's what I expected, Derrick.  Show a picture of the Web Filtering Profile for the WiFi network you want to block.

    You might be interested in a document I maintain that I make available to members of the UTM Community, "Configure HTTP Proxy for a Network of Guests."  If you would like me to send you this document, PM me your email address. For our German-speaking members, I also maintain a version auf Deutsch initially translated by fellow member hallowach when he and I did a major revision in 2013.

    Cheers - Bob
    PS Funny - Bill was my nickname at the RCF for the 5+ years I spent fencing in Europe.

     
  • I have no idea why I called you Bill, probably because I was trying to post a reply and this forum kept telling me I was trying to post spam. 

    Attached are 3 screen grabs of the profile I need to work for my WiFi. I just can't understand why it's ignoring the filter options. I don't really need the traffic proxied, just want everything on that network blocked by default and then I can start unblocking things.

    I have wondered if it's worth setting the default profile as blocked and then set an unblock for the LAN, add the WiFi to use the default profile and unblock stuff as needed, in the hope that it works like I want it to.

    I remember trying to do this when I first enabled the web filtering and it never worked then lol.

    Cheers... 

    Will PM you in a sec, yeah, having that document would be really helpful.

  • I suppose my end game would be that my LAN web traffic gets filtered as it is but using AD SSO (I am wondering if it should be Standard Mode so that HTTPS gets web filtered as well, I am also wondering if they should have a proxy server).

    My WiFi traffic gets filtered but it doesn't need to be authenticated (employees with phones etc.) and maybe a guest portal that people can use for temporary access.