I created a security policy as below. However, I find all traffic will go through this policy. Do you have any idea? Thanks
Service: 443, 80 and specific port
URL Category: Custom (*.s3.amazonaws.com)
Hi @PChow4 ,
Yes, with the type of policy you have written, you will see that it is showing allowed traffic logs for rest traffic also. But actually those session would only TCP and/or SSL sessions created with the destination. Once URL category is matched, the final decision will be made if traffic needs to be allow or drop. I would recommend you to verify complete traffic logs by opening it and you will see what's actually getting allowed.
Hi @PChow4 ,
You can verify the detailed log view of desired URL category matching traffic vs rest then you will get clarity. But again, answer to your question in one short line - the unwanted traffic matching your rule are for TCP/SSL session created with the destination. At the end, traffic will be allowed based on the matched URL.
Hope it helps!
I further checked the log there are traffic are 2 type of traffic.
- the traffic log detail's category show "any"
- the traffic log detail's category show match my custom category
According to this, the second one is the traffic what I want.
For the first type, may I know how PA handle it? since the traffic log mention it is allowed but it doesn't match the category. So it is dropped or pass to another rule to handle?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!