Web Filter Logs & Filtering


mjp
12-06-2007, 10:11 AM
Hi All

Firstly, let me start off by saying that this is a very impressive product. I have been looking for something like this for some time, and it's great to see a decent quality product (for free) that does what I need!

... that being said, I have a small issue I would like to post to see if I am missing something.

My setup currently:

Cable Internet
|
Checkpoint Firewall
|
Untangle [Bridge Mode] [ver:5.0.3.1-1]
|
LAN Switches
|
Users

My Untangle box was set up a week ago and was working flawlessly. A few days ago, I noticed that if I put a site in the web filter block list, it didn't actually get blocked or logged. This morning, I checked the daily report on the web filter and it has no detailed entries for yesterday. In fact, when I check the event log on the web filter I have no events for the past few days.

As far as I am aware, I haven't changed any settings or checked a box marked "dont-log-events-and-confuse-the-heck-out-of-me".

I did read a post about the web filters needing 5 minutes or so to download or update new site blocks, so I have left it for a few hours but no change.

Part of the reason that I suspect it is not blocking sites is that it is in bridge mode, with the users' gateway being the main firewall - not the Untangle box. (However, it will restrict users based on the content - i.e. if they try to download an exe file or media file.)

Does the web filter only work if the Untangle box is the gateway? And if so, how come it was logging for a while?

Any thoughts, input or suggestions would be appreciated.

Once again - love the product!!!

MJP

juank
12-06-2007, 10:24 AM
Your Untangle should be doing what you expect it to do.

Can you give me an overview of your IP schema?

mjp
12-06-2007, 10:31 AM
Thanks for the prompt reply!

Cable Internet
|
Checkpoint Firewall
[xxx.xxx.xxx.208] WAN
[192.168.0.1] LAN
|
[192.168.0.70]
Untangle [Bridge Mode] [ver:5.0.3.1-1]
[192.168.0.2]
|
LAN Switches
|
Users
[192.168.0.x]

mdh
12-06-2007, 10:40 AM
If you're in bridge mode, Untangle is 192.168.0.70 OR 192.168.0.2 but NOT both. The users' gateway address and the Untangle gateway address should both be set to 192.168.0.1. You also have to make sure that there are no static routes to allow users to bypass Untangle. Lack of logging data indicates a possible bypass.

Finally, if you are on the web site that you have asked to be blocked, and the cached copy has a long persistence, you won't get a block. Go to site "X", put a block on site "Y", then try to go to site "Y". If it's not in cache, the block happens.

mjp
12-06-2007, 10:56 AM
Sorry for the IP confusion.
When I went through the setup I set the external NIC as .70 and the internal NIC as .2.

I have just removed a couple of 'pass' entries I had and voila! Web filter started logging away.

This cache you refer to... would you be referring to the local client or the Untangle box? If the Untangle, is there a way to clear the cache?

I also have a question about the time stamps, but I will start a new, more appropriately named thread for that.

thanks mdh

mdh
12-06-2007, 11:05 AM
Local client cache. If your browser has a cached copy or a persistent connection to the site that you have put a block on, the connection has already been made. Cached copies all have a "shelf life" as well. Glad it's working!

mjp
12-06-2007, 11:08 AM
Great - thanks for your help, mdh & juank!