(SOLVED) Google is frustrating: Google YES / Google ADS NO

[ArminF]

Hei,
i have to bother you again but this drives me mad.
We do use most of the google offered services.

Mail, meet, hangout, photos, translate, maps, youtube.. etc...

BUT we do not want analytics or ads from them.
So i configured Sensei as follow:

App Control -> allow all needed Google services BUT block Ads and Analytics
Web Control -> whitelist google.com, youtube and all of the known subdomains.

But still Sensei does block me translate.google.com and you see it in the report blocked as Ads.

As soon i allow Google ADS the translate.google.com page does load.
If not allowed ads the page is blocked even when entered in the Web Control Whitelist.

Anything i do wrong?

I also had to add e1000e.net domain to the whitelist to get deeper into googles jungle and be able to load pictured or files.

Btw. the domain google.com does not seem to be sufficient on the Web control whitelist so i had to add all subs as well.

Anything i miss? do i really have to allow ads to be able to access all sites and services from google?

thanks
armin

[sy]

Hi @ArminF

What is your AppDB version (Status - App & Rules DB Version)?

[ArminF]

Hi Sy,
App & Rules DB Version:   1.6.20201006130256   Last Update: 10/07/2020 13:01
Engine Version:   1.6.1   Last Update: 10/07/2020 13:01

thanks
armin

[sy]

Hi @ArminF,

There is a newer version and it solves the problem. Status - App & Rules DB Version - View Versions - 1.6.20201123073659 - Install.

[ArminF]

Hi Sy,

thank you very much. Will do the installation.


And with the new version would i be able to use the master domain "google.com" and get rid of the subs?
Also may i get rid of the e1000e.domains as well?

Thank you very much for your help! Much appreciated.

armin

[ArminF]

Hi Sy,

so far good news! Could reduce my Whitelist and "still" all is running as it should.
will monitor the blocking in the upcoming days.

thanks!
armin

[ArminF]

Updating the app DB is really important.

Would be cool to have this as "auto" task in cron.

[ittk]

Updating the app DB is really important.

Would be cool to have this as "auto" task in cron.

Isn't it working for you: "It updates automatically every hours and you can do it manually from Status page."

[ArminF]

The installation of the new DB looks like to be triggered manually.

The update from the running DB is automatically.

[ittk]

The installation of the new DB looks like to be triggered manually.

The update from the running DB is automatically.

@sy https://forum.opnsense.org/index.php?action=profile;u=23640

Yes, maybe broken? Anyone can confirm? Would be an big issue, not having the fully AUTO-UPDATE Feature working for such signatures DBs.

My state is this and have not clicked on Check Updates and Reload...

Engine Version:   1.6.1   
Last Update: 10/27/2020 19:07   
App & Rules DB Version:   1.6.20201021092213   
Last Update: 10/27/2020 19:07

[ittk]

Addition: My Testsystem is configured:

Updates and Support   

Check For Updates Automatically ON

But i have this Last Update Check: 11/07/2020 12:35   

Automatically update Databases And Threat Intelligence Data: ON

But i have this: Last Updated: 01/01/1970 01:33   

Enable Engine "Core File" Generation:    OFF

Cited from doc: https://docs.opnsense.org/vendor/sunnyvalley/sensei_install.html#updates-health-check

Check for Updates Automatically: Checks automatically for the updates and creates a notification on the Sensei "Status" page.

Automatically Update Databases and Threat Intelligence Data: Checks automatically for the updates and creates a notification on the Sensei "Status" page.

So it seems there is not full AUTO-INSTALL which have to be initied after an auto-update detected for the signatures DBs, yet? Any reasons for it, why this option seems to lack?

[sy]

Hi,

Sensei warns when detected an update like in the attached screenshot1 then if it isn't installed manually, it updates automatically and shows info like attached screenshot2.

[ArminF]

Thanks Sy!

I will keep an eye on it. I cannot remember seeing this detail.
I had to install the App DB manually.

cheers armin

[ittk]

Hi,

Sensei warns when detected an update like in the attached screenshot1 then if it isn't installed manually, it updates automatically and shows info like attached screenshot2.

And is my Version the latest, see my above Posts.

[ArminF]

Well, this is getting weird...

Did update to latest Version of the App DB cleaned out my whitelist.
And right today it started again.

No meet.google.com, No drive.google.com and so on...
So i had to reenable all the sub domains back to the whitelist.

The thing is that my wife is in home office and she has to rely on working connections.
I must consider to allow google ads in my config sooner or later.

I know there are tons of Ips for google and they do use or offer the same services including the ads.
So its pretty difficult to distinguish between what is green and what red...

.. ... armin