So having patch luck with content filtering. I have both Porn and Games listed under "Category Filtering -> Blocked Website Categories" on our MX. We do have a Catalyst switch for L3 functions so I am not sure if that has something to do with it. But for pure metaphorical reasons, lets say playboy.com and hustlerholloywood.com are both being let through, and the loopup tool is still showing them both as porn. But Newgrounds.com which is being seen as games, is being blocked because its a games site.
Any ideas on where to start to look for this?
So hits against content filtering should show up in your event log. The address can be truncated, which is annoying.
You're not seeing hits there, and you're able to successfully hit those website's front pages? Is that what you're seeing?
I got the green light to test from my machine to see if I can actively see the sites. I can reach them from my machine, I am not seeing them being hit. I am seeing a lot of hits for parked domains and for social networking (Also listed to block) but the adult content is not being blocked.
It seems other adult websites are being blocked but at least these two are not being blocked.
Is your filtering set to "full list"?
No. If I set it to full list DNS times out all the time.
@TBisel wrote:No. If I set it to full list DNS times out all the time.
Yeah, it'll do that til it builds up the cache. Full list can be a bear!
Below the blocked categories box, there's a lookup tool. Is playboy.com coming up as categorized as adult & pornography?
If so, what's your firmware version? I had an issue recently with a misclassification. Solution was update firmware (as it was behind) and bounce the firewall.
Yea we gave it two months to try and build it but we have stupid expensive internet connections here and my Systems Admin wasn't having it. Two 200MB symmetrical WAN connections and a 150MB Symmetrical fiber to another site. Me explaining that it was set to full list and it would take time to build just wasn't cutting it.
Playboy and Hustler is showing up categorized correctly in the tool. Firmware is sitting at 14.39 with an update available. Going to have to try that.
It does get blocked with full list
You can stil use the url block
@TBisel if you've got an upgrade queued, I'd definitely give that a try. As I said, I think, going from 14.39 to 14.40 resolved a similar content filter issue for me. It was support's first recommendation.
If you have them defined globally then it should work.
Exceptions are if you have assigned group policies against clients that override it (such as whitelisted clients).
If you are doing it in group policies assigned to clients then those clients need to be using the MX as their default gateway (they can not be routed through another L3 device).
What if I track by IP Address can the blocking still be done by group policy? I dont think this is whats going on but I do want to check.
Tracking has no impact on the way group policy is applied.