Things to check if the filter is not filtering


This article applies to:

  • Web Filter

Question:

Things to check if the Filter is not filtering

Reply

If your Filter is not filtering, here is a checklist of things to look for:

If you have recently rebooted the filter, keep in mind that it may take up to 20 minutes to load the library into memory. The box cannot filter until the library has loaded.

If you are installing a new filter, you will need to activate your subscription and then perform a Full URL Library Update before it is ready to filter. The Full URL Library Update takes about 2-3 hours to complete.

  • Verify that the server is physically powered up and online.
  • If the server appears to be powered up but you still cannot reach the GUI, try connecting a monitor to the server to check for any error messages.
  • Verify that "Local Filtering" is ON in System -> Control -> Filter.
  • Verify that "Troubleshooting Mode" is OFF in System -> Diagnostics -> Troubleshooting Mode.
  • If the listening interface is not seeing network traffic, verify that the port on your switch or hub has not gone “bad.”  You can determine which interface is the Listening Device in System -> Mode -> Operation Mode.
  • If you are using a switch, the listening interface should be connected to the port on which you've configured a port mirror/span.  A common problem is a broken port mirror.
  • Do a "Library Lookup" on a URL that you know exists in the library database (e.g. www.yahoo.com).  If the results return “The URL/keyword is not in the master library,” this means the daemons responsible for filtering are not enabled.  Verify that Troubleshooting Mode is “off” and Local Filtering is “on” (see above).
  • If you perform a Library Lookup on a URL and the results return one or more categories, the filtering daemons are working properly and the R3000 should be filtering any traffic that it sees.  Be sure that the listening interface is, in fact, seeing traffic (i.e. do a packet capture, see below).
  • Go to System -> Diagnostics -> Troubleshooting Mode.  Temporarily enable troubleshooting mode and then do a packet capture on the listening interface to confirm whether or not the R3000 is seeing traffic.  Be sure to turn Troubleshooting Mode OFF when you’re finished.
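
When reading the packet capture from the last step, the useful question is whether the listening interface sees unicast frames between other hosts, which is what a working port mirror/span delivers; a port with a broken mirror receives only broadcast/multicast and its own traffic. The following is an added example, not Trustwave code: it assumes the capture is available as a classic pcap file (the article does not state the R3000's capture format), and the function names, MAC addresses and sample captures are constructed for illustration.

```python
import struct

def classify_capture(pcap: bytes, own_mac: bytes) -> dict:
    """Sort Ethernet frames from a classic pcap by why a switch port would receive them."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"                      # written on a little-endian host
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"                      # written on a big-endian host
    else:
        raise ValueError("not a classic (microsecond) pcap file")
    if len(pcap) < 24 or struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("capture is not Ethernet (linktype 1)")
    counts = {"flooded": 0, "own": 0, "mirrored": 0}
    off = 24                           # skip the 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 12:
            continue                   # truncated record, no MAC header
        dst, src = frame[:6], frame[6:12]
        if dst[0] & 1:
            counts["flooded"] += 1     # broadcast/multicast reaches every port
        elif own_mac in (dst, src):
            counts["own"] += 1         # the interface's own conversations
        else:
            counts["mirrored"] += 1    # unicast between other hosts
    # A stray "mirrored" frame can also come from unknown-unicast flooding;
    # a healthy mirror shows such frames continuously.
    counts["mirror_working"] = counts["mirrored"] > 0
    return counts

def build_pcap(frames):
    """Build a minimal little-endian pcap from raw frames (constructed sample data)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

def eth(dst, src):
    return dst + src + b"\x08\x00" + b"\x00" * 46   # IPv4 ethertype, padded payload

# Constructed, locally administered MAC addresses (not real devices).
FILTER_MAC = bytes.fromhex("020000000001")
PC_MAC, GW_MAC = bytes.fromhex("020000000010"), bytes.fromhex("020000000020")
BROADCAST = b"\xff" * 6

SAMPLE_BROKEN = build_pcap([eth(BROADCAST, PC_MAC), eth(FILTER_MAC, GW_MAC)])
SAMPLE_WORKING = build_pcap([eth(BROADCAST, PC_MAC), eth(FILTER_MAC, GW_MAC),
                             eth(GW_MAC, PC_MAC), eth(PC_MAC, GW_MAC)])
```

If `mirror_working` is false over a capture taken while users are browsing, check the mirror/span configuration and the switch port before looking at the filter itself.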

This article was previously published as:
8e6 KB 276591

Last Modified 4/17/2012.
https://support.trustwave.com/kb/KnowledgebaseArticle12399.aspx