Author Topic: Firewall not blocking network object  (Read 367 times)

Rii_M

Firewall not blocking network object
« on: August 12, 2017, 02:56:16 am »
I tried to implement a network object (blocked urls) and have it blocked at Firewall level but it does not seem to block https sites. I need to block certain (http, https sites) like (xvideos, porn sites, etc.) content from office computers. I also have bandwidth issues with Windows 10 machines in LAN eating away my bandwidth and bringing web browsing to a painful experience. I would like to block out some Windows update IPs like 13.107.4.50 that hog the bandwidth.

I've tried http proxy with or without transparent proxy but it only works for http. Other searched posts recommend https at the FW level but I can't seem to get it to work. I don't want to set up a proxy at client level. Transparent proxy seems to get web pages faster as I have set bandwidth throttling.

My setup is such:
 
FW > Packet Filter > Filtering Rules from internal networks to Zentyal
Decision > Deny
Source > blocked urls (network object, i.e. range of blocked IPs of certain sites)
Service > HTTPS
(same setup for http service)

FW > Packet Filter > Filtering Rules from external networks to Zentyal
Decision > Deny
Source > blocked urls (network object)
Service > HTTPS
(same setup for http service)

FW > Packet Filter > Filtering Rules for internal networks
Decision > Deny
Source > lan users (network object, i.e. range of IPs for lan users)
Destination > blocked urls (network object)
Service > HTTPS
(same setup for http service)

FW > Packet Filter > Traffic coming out from Zentyal
Decision > Deny
Source > blocked urls (network object)
Service > HTTPS
(same setup for http service)

None of these seem to work. I still get, for example, xvideos.com popping up at the client browser. Tried with proxy (both modes) and it only works for http. Maybe I'm missing something here.

Using Zentyal 5 Community Edition, set up and updated recently.