Logging of allowed URL attempts without allowing other traffic

User868 — Mon, 01 May 2023 17:01:44 GMT

Here is a simple example on what I am basically trying to do.

We have two rules that allow access to certain domains.

Rule 1 : Allow access to domainX.com

Source: LAN
Destination: IP-Group

Security Profile: URL Filtering (Base-URL-Filtering-Profile)

Rule 2 : Allow access to domainY.com

Source: LAN
Destination: Any
Destination URL Category: DomainY.com
Security Profile: URL Filtering (Base-URL-Filtering-Profile)

Assuming I wish to log the allowed attempts to DomainY, one might suggest that you just need to set the action as alert in the URL Filtering Base-URL-Filtering-Profile for that category. Yes, this is what is currently configured, however, wouldn't this cause web traffic that may have DomainY IP addresses in previous rules to be allowed ? If yes, isn't there a secure way to have it implemented where you are only logging attempts of URL allowed traffic without unintentionally allowing other traffic that could be matched by previous rules.

Re: Logging of allowed URL attempts without allowing other traffic

Raido_Rattameister — Mon, 01 May 2023 17:25:10 GMT

Would something like this work?

Rule 1 is more specific and will match only if website domain FQDN and URL match to domainY

Rule 1 : Allow access to domainY.com

Source: LAN
Destination: FQDN-domainY.com
Destination URL Category: DomainY.com
Security Profile: URL Filtering (Base-URL-Filtering-Profile)

Rule 2 : Allow access to domainX.com

Source: LAN
Destination: IP-Group

Security Profile: URL Filtering (Base-URL-Filtering-Profile)

topic Re: Logging of allowed URL attempts without allowing other traffic in General Topics

Logging of allowed URL attempts without allowing other traffic

Re: Logging of allowed URL attempts without allowing other traffic