topic Re: Traffic Thourhg the intended Security Rule in General Topics

Traffic Thourhg the intended Security Rule

mshamsan — Fri, 18 Jun 2021 10:34:41 GMT

Hello,

I have configured a new Security Rule on top (#9 in the picture down) to Block traffic intended to a Custom URL configured in the profile Block_Files

* TOP RULE *

Source Zone: any
Source Address: any
Destination Zone: any
Destination Address: any

* NEXT RULE *

Source Zone: Trust
Source Address: 10.10.10.10
Destination Zone: Internet
Destination Address: any

But the problem when I try to connect to the Custom URL defined in Block_Files the request goes through the next Security Rule set for 10.10.10.10, i.e., although the traffic or URL is matching the Custom URL defined in Block_Files, but it does not go through nor blocked by the Security Rule on top!!

Is the above Rule valid/correct

Thank you ...

Re: Traffic Thourhg the intended Security Rule

kiwi — Fri, 18 Jun 2021 11:44:38 GMT

Hi @mshamsan ,

There is no picture ?

How have you setup the rules exactly (applications, ports, services, etc... ) ? How is the traffic identified ?

Cheers,

-Kiwi.

Re: Traffic Thourhg the intended Security Rule

BPry — Fri, 18 Jun 2021 14:00:35 GMT

@mshamsan,

In addition to what @kiwi has already asked, if you setup a URL-Filtering profile with all categories set to "alert" (or just setup your custom category with the alert action) you'll be able to look at your URL logs to see how the firewall is categorizing the traffic.

Re: Traffic Thourhg the intended Security Rule

mshamsan — Sun, 27 Jun 2021 16:19:54 GMT

Hi Kiwi,

Thank you ..

Actually, I have setup/added an application under Applications tab, to the same, so since I am not using this application to connect to the internet, then the conditions were never met, i.e., the traffic was not matching this rule and the traffic was intercepted by next rule!

Now everything is fine, after removing the Application and kept the URL Profile.

Thank you ...