topic Re: URL filtering - allows blocked traffic in Next-Generation Firewall Discussions

URL filtering - allows blocked traffic

Robert2 — Tue, 08 Jul 2025 14:39:09 GMT

URL filtering logs show web traffic that matches a custom URL category that we use to block / deny traffic to certain malicious domains, but the traffic doesn't match the deny rule, it matches a generic rule we have for https/http traffic.

Why would the firewall clearly show on the URL filtering logs that it matches the URL category used for blocking but not assign that traffic to the specific rule and block the traffic.

Anyone seen this before, my team are trying to establish is this traffic is getting through the firewalls or not.

Thanks

Re: URL filtering - allows blocked traffic

Robert2 — Tue, 08 Jul 2025 15:25:53 GMT

screeshot of URL filtering logs

Re: URL filtering - allows blocked traffic

OtakarKlier — Wed, 09 Jul 2025 19:43:23 GMT

Hello,

Check which security policy its hitting and then check if that policy is higher on the security policy list than the one that should apply.

The firewall reads policies for matches top to bottom and left to right.

Regards,

Re: URL filtering - allows blocked traffic

Robert2 — Thu, 10 Jul 2025 08:17:46 GMT

Yes, I have checked that already. The block rule is high up on the rule base, while the rule the traffic is hitting is at the bottom.

Thanks for replying though.

Re: URL filtering - allows blocked traffic

nohash4u — Thu, 10 Jul 2025 15:24:57 GMT

Hi @Robert2,

Can you confirm the custom URL category is set to an action of block within a URL filtering profile?

Furthermore, can you confirm the URL filtering profile is applied correctly (either directly or listed within a Security Profile Group) to the block rule you mentioned?