Recommended way to do whitelists/allow lists?

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Recommended way to do whitelists/allow lists?

L4 Transporter

We've just purchased a PA box.

AIUI the recommended way to do a rule that allows (for example) all PC's access to would be to create a URL filtering profile that blocks all categories, and then to add to the allow list of that URL profile.

Then create a rule (likely towards the bottom because of the "block" action for all other URLs) that uses that URL profile.

The problem I can see with that is that if any PC that doesn't normally have internet access tries to access any sites, and they get as far as that rule, rather than falling through to the default "deny all" rule, it will be logged as if they've been trying to visit somewhere/something and it's been blocked by URL filtering, which is slightly different to what I want which is for it to ignore it and only log on that rule if someone visits

Have I missed something in how I should be doing this?



Thanks, slightly counter-intuitive but makes sense now.

L2 Linker

I'd like to formally request that whitelisting exist as a seperate function - apart from URL blocking.  We  have the need to allow only certain domains/urls some of which resolve to Akamai address space which changes randomly.  We also have NIST requirements to LOG everything in a CONSISTANT format.    I suppose we will have to continue to do weekely resolves of the hosts and manually change the destinations until this becomes available.  No fun, that.

@ Frank Henry

Make a new URL profile. Add * to the Allow list, set your categories to alert or block on the right, and you are done.

What else do you need?

When demoing the product, I could not get this to work.  We don't have any desire for URL subscription license, so we cannot BLOCK ALL then have an allow 'whitelist'.  Tried to block *.* and an Allow List, but the Allow List is processed after the Deny List instead of before so the wildcard blocks access.

This is why we'd like to see a whitelist destination 'group' (for lack of a better term) to put into the destination field in the policy.  Obviously the strings in this group would only be applicable to HTTP/HTTPS/FTP.. URIs (and their associated applications/services).  Again, allowing by URI and not the named derived from reverse lookup would be invaluable to many here agencywide and I'm sure to many organizations. - I don't know of any other product that offers this and think it could be a differentiator.


Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!