Comments
-
Just when you think it's solved, more irratic behavior appears. I performed a full reset of the box, cloud, everything and at first it appeared to have worked, but then observed the following: -If I disable WebBlocker Override, the firewall inspects the correct sites, but it only sometimes displays the block page for…
-
Another update. It appears there's an "HTTPS-Inspect-All" policy with WebBlocker which was migrated incorrectly from local to cloud, but not visible in the cloud configuration. I plan to simply do a full reset across the board to clear this and any other unexpected migration issues. Just glad I'm not crazy and hopefully…
-
Just an update in case others encounter this issue. Support is taking a closer look as it appears it isn't a configuration issue. The behavior matches a bug that was closed in the past. I'll post again if and when it's resolved.
-
Hi James. Thanks for your reply. It sounds like I have it setup as you described with outgoing policies set to decrypt https pointing to those content filtering. I was hoping to have simply missed a setting somehwere as this is frustrating as decrypting things that are intentionally flagged as bypass decryption can be…
-
Ah, good point.
-
There's actually a simple solution. Clone the proxy firewall policy and activate application control on only one and place it below the other with it deactivated. This way, the rule with WebBlocker will get hit first and the one below will catch anything else.
-
Thanks. Is there a reason why application control would see something like accessing protonvpn.com via a web browser as an application? It appears that's why it throws a DNS error rather than block page. If I turn off application control, it gets inspected and denied properly as a web page. As for NordVPN, I will reach out…
-
Some more information. It appears from the logs that in some caes, it's identifying the browser traffic as an application which makes no sense, but does explain why protonvpn.com simply wouldn't load. Even stranger is nordvpn.com loads even though the logs are saying it was denied.
-
Hi Bruce. I have it partially working, but it isn't consistent. For example, I have "Proxy Avoidance" as deny in the Default WebBlocker list and marked inspect in the AllowAll list. Here are the results when visiting specific pages: https://protonvpn.com shows a DNS error so doesn't load https://mullvad.net shows block…
-
Hi, new WatchGuard user here. Any chance you can post screenshots of the working configuration? Everything else was pretty straightforward to setup on the FireBox, but this particular item has me stumped. I have done the following: -Setup two WebBlocker lists ("Default" with items denied and "AllowAll" with nothing denied)…