WebBlocker does not function

I activated WebBlocker on my WatchGuard M570. I added all the categories that I need to deny access to and I assigned my policy to the HTTP and HTTPS proxies, but no result. Please, what do I have to do?

Comments

  • What XTM version are you running?

    On your HTTPS proxy action, do you have Inspect enabled?
    If so, the HTTPS proxy uses the WebBlocker profile in the HTTP proxy action to filter the content.

    Turn on Logging for Reports on both your HTTP & HTTPS proxy actions, if not already selected. This will cause log records in Traffic Monitor which can help with problem resolution.

    Please post an example HTTP URL where WebBlocker is not working.

    Do you have any policy in your config which can allow HTTP & HTTPS packets and which has a higher precedence (lower number) than your HTTP & HTTPS proxy policies?

  • What XTM version are you running? --> 12.3.1
    On your HTTPS proxy action, do you have Inspect enabled? I cannot confirm whether yes or no; all that I see is that Application Control, Geolocation and IPS Policy are enabled, and my HTTPS-PROXY is enabled too. You can see that in the pic.
    See also all the configuration in the pics, and the example of it not working.

    https://ibb.co/p1whTz8
    https://ibb.co/N1mMBGt
    https://ibb.co/qrYz48d
    https://ibb.co/Kw9nXwq
    https://ibb.co/WycCwSR
    https://ibb.co/K9tsmkq

  • You need to edit the HTTP & HTTPS proxy action, and make any needed changes there.
    When you change a default proxy action you will be prompted to save the change as a new proxy action name.

  • Please guide me, I'm new to WatchGuard. It's my first config.

  • Select the View/Edit Proxy icon on your HTTPS proxy, on the Action de proxy line.
    The same for the HTTP proxy.

    Review these:
    HTTPS-Proxy: Content Inspection
    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/proxies/https/https_proxy_contentinspection_c.html

    HTTP Request: General Settings
    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/proxies/http/http_req_gen_settings_c.html

    You can access specific Help documentation pages by clicking on the Help button on a Policy Manager screen.

  • I did all of this.
    Result: some URLs are blocked, but I don't see any deny/warn message to indicate that the firewall blocked the URL.

  • To see deny log messages in Traffic Monitor for denies caused by WebBlocker:
    On your HTTPS proxy action -> WebBlocker tab, do you have "Log this action" selected?
    If not, select it.
    You can also select the "Log this action" on Subscription Services -> WebBlocker -> Configure on each of the WebBlocker actions there.
    Make sure that the ones used on your HTTP & HTTPS proxies have "Log this action" selected.

    For sites which are blocked by the HTTP proxy, users should see a deny message on their web browsers which reflects the HTTP proxy action Deny Message.

    For sites which are blocked by the HTTPS proxy, I believe that the only way that a user would see a deny message on their web browser is if Inspect is enabled on the HTTPS proxy action, and then the users should see a deny message on their web browsers which reflects the Deny Message from the HTTP proxy action specified on the HTTPS proxy action.

    Note that implementing Inspect requires the installation of a cert on the client machines.
    Review this:
    Use Certificates with HTTPS Proxy Content Inspection
    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/certificates/cert_https_proxy_resign_c.html?Highlight=https certificate

    Many sites, including mine, use Inspect.
