I am trying to create a security environment for a device to block all internet traffic except for the X amount of websites I have specified. I created a group policy for this device and I have tried varying configuration settings.
I have denied all HTTP/S traffic in the firewall rules, but listed all the whitelisted websites and it doesn't work nor was I expecting this to work.
I have allowed all HTTP/S traffic outbound in the firewall rules, used an * in the Blocked URL Patterns, and added all the whitelist sites and I can't get anywhere. I get a denied message at all HTTP sites and HTTPS websites won't even load.
Lastly, I have allowed all HTTP/S traffic in the firewall rules, put nothing in the Blocked URL Patterns, all the same whitelisted pages, and I can go anywhere on the internet, which I expected.
I want to say that my second configuration is how it's supposed to work, but I'm rather new to using this device. Any and all help is appreciated.
It is best to use content filtering.
Block everything with a * and then add in what is allowed. Here is a screenshot only allowing access to *.google.com domains.
Note: after making a change, allow a good 5 minutes for it to take effect.
If you go Network-Wide/Clients and click on the client, and under Policy in the bottom left you click "Show Details" - is it showing the group policy to be applied as expected?
Failing that, make sure you have quit the web browser and restarted.
Failing that, reboot the MX. Note the content filtering won't kick in straight away.
I have checked the clients and it does appear the policy is applied to the client.
I have rebooted the firewall and restarted the browser, as well. Below is a picture of what I have in the Group Policies window. For every *.url.com/* there is a url.com/*. Am I using the wildcards incorrectly? I manage another different kind of firewall that uses this type of URL whitelisting.