Custom URL Category in security rule - traffic log shows allowed with "any" in URL Category field

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Custom URL Category in security rule - traffic log shows allowed with "any" in URL Category field

L2 Linker

I've read the articles about the processes that take place when analyzing traffic and understand that sometimes there could be an allow status when it seems there shouldn't be.  However it also seems that if the traffic truly shouldn't be allowed there would be an associated log entry with some kind of denial.
In my case there is no associated denial and I'm would still like to know why this traffic seems to be allowed when apparently not matching my Custom URL Category.
Forgive me if I'm still just misunderstanding something about this.


Here's what I'm seeing in my logs:



L7 Applicator

What if you also create a URL Filtering Profile (call it Alert All URL), configured with "alert" for all categories, and attach it to this rule?

Hi @herrmoss


Because of the any I think the reason is one of the following:

  • You did not attach the custom URL category to the policy
  • Traffic hits a rule before your rule with the attached custom URL category


If you share some more screenshots (logs with column 'rule', security policy in question, custom URL category), we should be able to help 😉




Thanks for the reply.

Unfortunately we don't have a URL Filtering license as we have another solution for that function.


For that what you intended to do (at least what I understood) - blocking or allowing specific websites with a custom URL category directly referenced in the security policy, you don't need an URL filtering license. Even for the logging part, mentionned by @jvalentine, there are workarounds that you will see the URL logs, without the license (only a workaround, not a recommended way)


Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!