User Guide
59
CHAPTER 9
Controlling Web Traffic
WebBlocker is a feature of the Firebox System that works in conjunction with the
HTTP proxy to provide Web-site filtering capabilities. It enables you to exert fine
control over the type of Web sites that users on your trusted network are allowed to
view.
For more information about WebBlocker and site blocking, see the WebBlocker
section of the
Network Security Handbook
.
How WebBlocker works
WebBlocker relies on a URL database built and maintained by SurfControl. The
WebBlocker database contains more than 65,000 IP addresses and 40,000 directories.
The database is copied to the WatchGuard WebBlocker site at regular intervals. The
Event Processor is automatically configured to download the most recent version of
the database from the WatchGuard WebBlocker site over an authorized channel. In
turn, the Firebox regularly queries the Event Processor for changes and, when
appropriate, downloads a new version and generates a log entry to show the transfer.
If the database is either corrupted, incompletely retrieved, or in any other way
incomplete, the Firebox does not load it. It repeats the attempt until it completes a
successful transfer.
When you restart your Firebox, all Web access is blocked for a brief period of time.
Users might receive the error message “Database not loaded” until the Firebox
downloads a database.
Reverting to old WebBlocker databases
To revert to a previous copy of the WebBlocker database, use the files named
Webblocker.old and Webblocker.old2 found in the installation directory. Rename the
files Webblocker.db and Weblocker.db2, respectively. The Firebox automatically
updates to the latest WebBlocker database the next time it queries Event Processor.
Summary of Contents for Firebox FireboxTM System 4.6
Page 1: ...WatchGuard Firebox System User Guide Firebox System 4 6 ...
Page 16: ...6 ...
Page 20: ...LiveSecurity broadcasts 10 ...
Page 44: ...LiveSecurity Event Processor 34 ...
Page 52: ...Defining a Firebox as a DHCP server 42 ...
Page 68: ...Service precedence 58 ...
Page 78: ...Configuring a service for incoming static NAT 68 ...
Page 92: ...Establishing an OOB connection 82 ...
Page 94: ...84 ...
Page 112: ...HostWatch 102 ...
Page 118: ...Working with log files 108 ...
Page 130: ...120 ...
Page 158: ...Configuring debugging options 148 ...