4 Replies Latest reply on Jul 24, 2013 2:57 PM by peteris.ervalds

    Internet website blocked

      Hello,

       

      I have configured McAfee firewall so that first there is a rull which blocks access to numerous domains, then there is a rule which allows all HTTP traffic.

       

      Somehow this blocking rule blocks google.com domain although it is not in the blocked domain and host list.

       

      Are there any ideas why this is happening or how to troubleshoot this?

       

      Thanks,

      Peteris

        • 1. Re: Internet website blocked

          Hello,

           

          Can you tell me if you are using domain objects to block access? If so, then it is important to understand how domain objects work. Domain objects rely on reverse DNS, so they may not always be the best option. Take a look at this KB article:

           

          Firewall Enterprise: How Host and Domain network objects work (KB61366)

           

           

          If you are simply trying to block domains, then I recommend taking a look at Smartfilter as it will look at the host header to figure out which web site you someone is trying to access, and block or allow them accordingly.

           

          -Matt

          • 2. Re: Internet website blocked

            OK, now it is clear why it was not wokring as expected.

             

            So I configured custom Smart Filter policy, attached it to firewall policy rule. In the audit I can see written "SF_action: BLOCK", but the website is not actually blocked.

            What am I missing?

             

             

            Thanks,

            Peteris

            • 3. Re: Internet website blocked

              Hello,

               

              That is interesting. If you are seeing the Smartfilter action of block, then I would certainly expect it to be blocked. You may want to contact support at this point to troubleshoot. They will probably want to start will the full audit file and go from there.

               

              Do you think there is a chance that the page is cached on your client or anything?

               

              -Matt

              • 4. Re: Internet website blocked

                I do have to apologize, this "SF_action: BLOCK" audit was for wrong address.

                 

                I added custom website to Smart Filter policy, but in audit for that IP there is no SF action written, it seems that Smart Filter didn't catch this customization.

                 

                I will try to set it up correctly.

                 

                Thanks,

                PÄ“teris