Readable list of what Sigs/Cats actually block


#1

Please provide a readable list of what the signatures and categories are actually blocking.
We blocked the category “software” today as we are having huge VPN issues, and it broke office365 sharepoint online.

Pretty bad in the middle of internals.


#2

Not sure if you saw the release notes but there now the ability to search for urls etc to see what polices might be blocking them as well as what category they are in.

That may not be quite what you’re looking for though? Let us know if there’s some way you think we could improve this feature!


#3

Thanks for the reply, the new feature is perfect, thank you!!


#4

Just thought i would add to this (ive had a chat to both Colin and Michael about this).

The feature is nice, but you can only search on URLs not on general names.
What would be nice to be able to actually browse the categories to see what is listed under each as well as sub categories etc…
Further to this, based on my experience with Sonicwall’s signature database is that not only being able to browse the categories etc… but the list of items are tagged with a severity level, basically ranked in 3-4 steps whats known as clean/good to dodgy/do not use). And from this being able to quickly and easily filter by severity and create a policy from that. Or simply being able to select what you want from that category.

As an example from John’s initial post. Before going to add ‘software’ to a rule, you could browse that category and just see whats listed. So if you were to see Office365 in the list, then you wouldn’t add it in the first place eliminating having to fix what you just broke. With my second part, this result in again John looking in the category, selecting all and unselecting anything he may want to not block like Office 365. These selections could then be directly injected into an already in place policy via a button which pops up a list of policies, choose the policy, hit save, boom, done.

This could also work in reverse or rather the way it should work. the “Category browser” could be a pop up when editing policies rather than a separate page. this way you can do inplace editing by detailed selection instead of the filtering dropdown list currently used. Furthermore, when editing an already established policy, those items which are already in the policy should be highlighted when browsing those categories so they aren’t added multiple times.
And lastly, when the database gets updated, those new entries could be highlighted.