We unfortunately use a smtp server with fqdn. (cannot use fqdn object for certain reasons)
And we implemented a security policy with the url category in the "Service/URL Category" section of the security policy.
In the security policy, the application allowed is smtp and port allowed is 25.
When we test, the connection does not match this rule at all. We are making sure that indeed the application tirggered is smtp on port 25.
So is URL Category in Security Policy only applied when the application is web-browsing/ssl and port is 80/443 ?
Thanks for the quick reply! But then how to solve the issue:
We want to allow smtp on port 25 only as application and destination is a url category, attached in "service/url category" of a security policy. (We are not using fqdn object because the refresh time can be minimum only 10 minutes and the server changes the ip more frequently)
So any suggestions?
to answer your first question "So is URL Category in Security Policy only applied when the application is web-browsing/ssl and port is 80/443 ?" i believe the answer is no. the url category can match on any port or application.
as for a possible solution to the problem; have you tried using a seperate security profile with a custom url-filtering profile that allows the category?
If you cannot use the fqdn, I would create an address group with all the possible IP's the fqdn resolves to and use that as the destination.
(If it changes so rapidly, I presume it's for load balancing and the number of IP's will be limited...)
Hi @rjdahav163 ,
Any application with a dependency on web-browsing.
May I add that you can use URL categories not only for web-browsing dependent applications. Actually also for almost every TLS encrypted connection like SMTPs. So if your connection is encrypted the solution with an URL category probably works as the firewalls also checks for hostnames in the SNI extension and also the CN of a certificate in a TLS connection.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The Live Community thanks you for your participation!