07-23-2013 09:09 AM
OK, let me start out with: I am not using the URL filtering profiles, only trying to set up whitelists for outbound web using the custom URL categories.
So I built a rule that allows my trust zone to go out to the untrust using web-browsing app and the custom URL category which contains the URLs that need to go out. When I try the connection I'm getting 503 errors and seeing 2 entries in my traffic log. The first one is a start type that is allowed by the rule with an any in the URL category, the second is a deny that is getting dropped by the deny all cleanup rule at the bottom with a not-resolved URL category. What I'm trying to figure out is why it isn't being allowed by the URL category.
07-24-2013 04:49 PM
Since you know what websites you want to specifically allow, you can just add those specific IPs to an Address Group. Then change your first security rule and add that new address group to the list of destinations instead of the any option.
07-25-2013 05:42 AM
The problem with that is I have 8-10 sites that each use between 40-50 IP addresses and can have new ones added as the load increases on them, so I would have a situation where everything could work one day and then the next I would start to see random blocks because they added a new server that isn't in my IP list.
07-25-2013 06:57 AM
Why not block on FQDN destination object?
07-26-2013 12:28 PM
URL filtering enabled : True
You can remove the profile altogether or adjust URL filters accordingly.
URL filtering matches in the following order:
Block list
Allow list
Custom
DP cache
MP cache
Cloud