Get Started with WebBlocker

To use WebBlocker, you must define WebBlocker actions for at least one WebBlocker profile, which specifies the type of server to use and the content categories to block. Then you can apply the WebBlocker profile to an HTTP or HTTPS proxy policy with a user-defined proxy action.

When a user tries to visit a web site, your XTM device sends a request to the WebBlocker Server to find out if the user can get access to that web site based on the site category. The result of this request is saved in a cache. You can change the size of this cache to improve performance.

WebBlocker Server Options

Before you configure a WebBlocker profile, you must decide what type of server you want to use, and install a local WebBlocker Server, if necessary.

The WebBlocker server options are:

Use the Websense cloud for WebBlocker lookups

Websense cloud is a URL categorization database provided by Websense. The Websense cloud option has over 130 categories and does not use a locally installed WebBlocker Server. When you create a new WebBlocker profile, this option is selected by default.

Use a WebBlocker Server with SurfControl

The WebBlocker Server is a WatchGuard server that uses a URL categorization database provided by SurfControl. The SurfControl database has 54 categories. If you select this option for any XTM device other than an XTM 2 Series or XTM 33, you must add the IP address of at least one locally installed WebBlocker Server.

For information about how to set up a local WebBlocker Server, see Install a Local WebBlocker Server.

Create a WebBlocker Profile

  1. Select Subscription Services > WebBlocker.
    The WebBlocker page appears.

Screen shot of the WebBlocker page

  1. In the WebBlocker Actions section, click Add.
    The Add WebBlocker Action page appears.

Screen shot of the WebBlocker Servers tab

  1. In the Profile Name text box, type a name for the WebBlocker configuration.
  2. Configure the WebBlocker settings.

The WebBlocker profile page includes tabs to you can use to:

Configure the HTTP-Proxy and HTTPS-Proxy Policies

To use WebBlocker, your configuration must have an HTTP-proxy and an HTTPS-proxy that each use a user-defined proxy action. If you do not already have these policies, you must create them.

To make sure your HTTP-proxy and the HTTPS-proxy policies use a user-defined proxy action:

  1. Select Firewall > Firewall Policies.
  2. Select the proxy policy you want to edit.
  3. Select the Proxy Action tab.
  4. Look at the Proxy Action setting.
    If (predefined) appears adjacent to the Proxy Action drop-down list, the selected proxy action is not a user-defined proxy action.
  5. To add a user-defined proxy action, select the proxy action from the Proxy Action drop-down list, or select Clone the current proxy action to create a new user-defined proxy action.
  6. Click Save.

For more information about proxy actions, see About Proxy Actions.

Apply a WebBlocker Profile to HTTP and HTTPS Proxy Actions

To enable WebBlocker for an HTTP-proxy or HTTPS-proxy policy, you apply a WebBlocker profile to the proxy action the policy uses. You can only apply a WebBlocker profile to a user-created proxy action. For WebBlocker to block all web content that matches the configured categories, you must enable WebBlocker in both the HTTP-proxy and HTTPS-proxy policies.

To apply a WebBlocker profile to a proxy action:

  1. In the WebBlocker Policies section, select one or more HTTP or HTTPS proxy actions to configure.
  2. From the Select Action drop-down list, select the WebBlocker action to use for the selected policies.

Screen shot of the WebBlocker Proxies section of WebBlocker settings page

  1. Click Save.
    All proxy policies that use the HTTP and HTTPS actions use the WebBlocker profile you applied.

If you enable deep inspection in the HTTPS-proxy action, make sure that you also enable WebBlocker in the HTTP-proxy action used for deep inspection. For more information, see HTTPS-Proxy: Content Inspection.

See Also

About WebBlocker Subscription Services Expiration

Give Us Feedback  •   Get Support  •   All Product Documentation  •   Knowledge Base