Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 1 subscriber
  • Views 5734 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Twitter not blocked because of categorization order

Tijani
Hello,
I had setup time based policy to block social networking, but UTM is not blocking Twitter although it is detecting "Twitter" as the application.
When testing the url "twimg.com" through the policy help desk in the UTM, it shows the url category as "Content Server" and not "Social networking". 
I checked the Trusted Source Smart Filter XL database, Twitter is categorized as "Content Server" in the 1st position and "Social networking" in the 3rd position.

I think something is not coherent here and could be fixed :
UTM should do some correlation between "Twitter" as a detected application and "Social networking" as a category,
or,
UTM should check the url against all the categories listed in the Smart Filter XL database and apply the most restrictive schema.
PS: I raised a reassessment ticket to Trusted Source and got a negative feedback.


This thread was automatically locked due to age.
Parents
  • 0
    You didn't say what version you're using.  In 9.3, categorization uses SXL, a different engine than before.  SXL only considers the first category.  You can try the following at the command line as root to change back to CFF:

    cc set http use_sxl_urid 0


    Does categorization then work as you expected?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    You didn't say what version you're using.  In 9.3, categorization uses SXL, a different engine than before.  SXL only considers the first category.  You can try the following at the command line as root to change back to CFF:

    cc set http use_sxl_urid 0


    Does categorization then work as you expected?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • 0 in reply to BAlfson
    Thank you for your reply and sorry for the omission, 
    I 'm using version 9.307-6

    I wasn't aware about this change in web protection.
    So basically, UTM is now using the same web filtering database as the endpoints.
    Now the question is: How do I online check an url to decide if it is badly categorized and needs reassessment, or could it only be done on the UTM policy helpdesk?
Unfiltered HTML