We have IP Blocklists before the rules for Web Browsing. However, we need to allow some URLs that would otherwise be blocked in the IP Blocklist (subsites of Weebly, don't get me started). Right now I have a Policy above the blocklist that alertss http/https with Service/URL Category/URL Category set for the Custom URL Category for the exemptions. It works, but thousands of other traffic is also applied to it for incomplete application (packet stream ends and it gets applied since it is so high in the list). Can anyone think of a cleaner way to do this? Thanks in advance.
Solved! Go to Solution.
You won't really have a clean way of doing this. The firewall has to allow a handshake to take place so it can actually analyze the URL information to see if it's supposed to match the policy.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!