I have created a custom URL category for a site and have a security policy to allow specific applications to that category but the results are inconsistent and when I review the log, when the traffic was successful the URL Category shows as the custom category and whenever it fails, it shows the URL category as a default PAN category (in this case computer-and-internet-info) despite the destination IP addresses being the same. I can see the traffic shows as decrypted, it shows the expected application, ports, etc... it's just the resulting category that seems to change.
When I do security policy test, the proper rule is returned but live traffic it fails.
Is there something obvious I am missing?
I did this comparison before the post and it's how I saw that the URL category is different when it's blocked than when it is allowed.
So to use MS Teams as example, say the site is media.teams.microsoft.com. This URL is added to a custom URL category. Then in the security policy the application is ms-teams-downloading and ms-teams-uploading, ports are tcp 80/443, URL category is the custom URL category object and I have some basic profiles in the actions tab.
When traffic goes to the IP for media.teams.microsoft.com and the application is ms-teams-uploading, traffic is allowed and the log shows the category as the custom URL object. When traffic goes to the IP for media.teams.microsoft.com and the application is ms-teams-downloading, the traffic is blocked and the category is the default PAN computer-and-internet-info.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!