Setting Up WatchGuard WebBlocker

One of the many subscription services available on your WatchGuard firewall is WebBlocker. If you have a valid Feature Key with the WebBlocker service, it can be an extremely effective tool for regulating the content your users are able to access. With the recent firmware releases, WatchGuard has updated the way this service can be configured. We’ll walk you through this setup, but first let's take a look at what WebBlocker is, and why it can be so useful.

Getting to Know WebBlocker

WebBlocker’s basic function is to categorize websites.  It takes any request from a user and compares the web address against a large database that is constantly being updated to properly categorize the site. This database is pooled from several sources and has a plethora of sites that are already categorized. WebBlocker then decides what to do with that traffic, based on which category the site matches and the settings you've outlined for that category. If the request is allowed, the user will continue on to the requested page, none the wiser. If the request is denied, the user will receive a notification specific to why the request was denied.

Get Started with WebBlocker

There are two ways you can activate WebBlocker. If you do not currently have any HTTP or HTTPS proxies, you can use the activation wizard to help get you started. Start by opening the Policy Manager for your Firebox and navigating to the Subscription Services tab. Here you can see the option for WebBlocker. Select it and click on Activate.

The walk-through wizard will appear to easily guide you through activation; click Next and follow the instructions accordingly.

After you've named the new WebBlocker action, we'll need to select categories to deny, since by default they are all allowed. Here is a quick reference for which categories JSCM Group normally recommends denying.

Lastly, WebBlocker will ask you which proxy policies you would like to create and automatically apply this WebBlocker action to. We recommend selecting HTTP and HTTPS here.

Great! It’s activated, what now?

If you already have HTTP and HTTPS proxies in place or if you need to edit your configuration in the future, you can skip the wizard.  For this, navigate to Subscription Services > WebBlocker and choose the Configure option to make changes or add new actions. You will see two tabs, Actions and Policies.

WatchGuard WebBlocker - Updated for 12.X Firmware

In the Actions tab, you can select an existing action and click Edit, or you can create a new WebBlocker action. In the Policies tab, we can assign our WebBlocker actions to policies. The assigned action then watches any traffic that uses that specific proxy to access web content. To assign an action, select the policy you would like to assign it to, then use the drop-down menu in the top right of the window. You should see a list of your available WebBlocker actions. Just select the one that best suits your needs.

WebBlocker is blocking a site we need!

Sometimes sites get caught by WebBlocker that you need to allow through.  Luckily, WebBlocker has a built-in exception tool to allow for exactly this issue. Under the Exceptions tab you can add, edit, or delete exceptions to the WebBlocker categories. You can explicitly deny or allow a site or domain based on several functions such as expressions, patterns, or IP address.

For example, I want my users to be able to access YouTube for training videos. I would create a new exception with the Add button and name it “YouTube”. I would select “Action: Allow” and check the log checkbox. For the exception itself we’ll keep the default setting of Pattern match/URL. In the Pattern area, we will add *.youtube.com/*. Each asterisk is a wildcard, so any request that matches whatever sits between the asterisks is allowed through WebBlocker.
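Before saving an Allow exception, it helps to check which requests a pattern would actually cover. The script below is an added example, not WatchGuard code: it assumes an asterisk matches any run of characters and every other character is literal, which may differ from WebBlocker's own matcher, and the sample URLs and the looser comparison pattern are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

PAGE_PATTERN = "*.youtube.com/*"   # the pattern used in the article
LOOSE_PATTERN = "*youtube.com*"    # constructed comparison: no leading dot, no slash

# Constructed sample requests (not taken from any real log).
SAMPLE_URLS = [
    "https://www.youtube.com/watch?v=training01",
    "https://m.youtube.com/feed",
    "https://youtube.com/",            # bare domain, no subdomain
    "https://youtube.com.example/",    # unrelated host that contains the string
]

def compile_pattern(pattern):
    # Assumption: '*' matches any run of characters; all else is literal.
    literals = [re.escape(part) for part in pattern.split("*")]
    return re.compile(".*".join(literals), re.IGNORECASE)

def match_target(url):
    # The article's pattern carries no scheme, so compare host + path (+ query).
    parts = urlsplit(url)
    target = parts.netloc + (parts.path or "/")
    if parts.query:
        target += "?" + parts.query
    return target

def audit(patterns, urls):
    """Return {pattern: [urls the pattern would cover]}."""
    covered = {}
    for pattern in patterns:
        rx = compile_pattern(pattern)
        covered[pattern] = [u for u in urls if rx.fullmatch(match_target(u))]
    return covered

if __name__ == "__main__":
    for pattern, urls in audit([PAGE_PATTERN, LOOSE_PATTERN], SAMPLE_URLS).items():
        print(pattern)
        for url in SAMPLE_URLS:
            print("   ", "ALLOW" if url in urls else "  -  ", url)
```

Under these assumptions the article's pattern covers the subdomains but not the bare domain, while the looser pattern also covers the unrelated host, so keep the leading dot and trailing slash and confirm the result on the Firebox itself.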


Tune in next time!

This concludes the first article in this series about WebBlocker. Join us next month when we take a deeper dive into what WebBlocker can do with categories, and how Administrators can allow certain users access through WebBlocker with bypass credentials.