URL filtering based on source IP?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

URL filtering based on source IP?

L4 Transporter

Is this possible?  I assume it is but not sure how to allow it while applying all the other policies I already have in place across the board.  

5 REPLIES 5

Cyber Elite
Cyber Elite

This should be relatively easy to do, as you would just create an additional policy specifically for that source with it's own custom URL Fitlering profile. What exactly are you trying to accomplish, and where are you running into issues if you've tried it already? 

I guess what I was wondering is if I just made a policy for source network > any > any and applied that very specific URL filter would it stop processing the policies after that one for hosts within that specific source network?  

PA analyses security policies from top to bottom until it finds one that matches that session, once it finds a matching security policy that is the one it's going to utilize. 

Not knowing how secure you are trying to make things or anything like that, I would say lock it down to whatever it is you want it to stop. If you create a URL filtering profile that includes a custom category such as 'Streaming Media' that you've created so that Netflix, Hulu, Sling and the like are all blocked at a URL level with a block action; it's likely that you don't really care what application or what service the traffic is using, you simply want to block all traffic. In that situation you'd probably be fine leaving application and service as 'any', as there really wouldn't be any other reason to communicate with those URLs. 

 

 

In this case I want to allow users on a certain subnet to access already blocked websites (IE no filtering whatsoever), so I assume this poicy would need to be at the top of the list?  IE before all the policies that enforce URL filtering? 

@drewdown,

The policy would need to be placed before the rule that doesn't allow the user to access these websites. You can find this information by looking at the logs on the firewall, once you've verified what rule is actually blocking the traffic simply place the new rule above that one. 

If you constantly find yourself putting things at the top of your security policies you're going to run into a situation where you'll start breaking things; it's best to identify the correct place for the policy and question and put the policy exactly where it needs to be at the beginning. 

  • 2181 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!