05-03-2010 02:46 PM
we've run some tests on both at client side and in our office lab.
the process for handling url fitlering will start with BLOCK list --> ALLOW list --> URL Category
the logic of it is quite understandable, however, the problem lies with BrightCloud DB. Is it good enough to filter out all the web sites if we were going to "block" all web surfings. If not, using wildcard at BLOCK list will be the best idea, but will this also create problems from those applications that requires "web-browsing" to be allow??
05-03-2010 05:27 PM
Best practice would be to filter based on Bright Cloud categories overall and then use the Block/allow filters for exceptions to those categories - not to handle the brunt of blocking for your web traffic. You can add web-browsing to the application allow list for those applications that are dependant on web-browsing.
05-03-2010 05:27 PM
Best practice would be to filter based on Bright Cloud categories overall and then use the Block/allow filters for exceptions to those categories - not to handle the brunt of blocking for your web traffic. You can add web-browsing to the application allow list for those applications that are dependant on web-browsing.
05-04-2010 09:42 AM
another extend to this question would be also be related to if user did not purchase URL filtering license. How is it possible to block the web-surfings? ex. MS-UPDATES needs to have web-browsing enabled, but users are not allowed to surf any web sites...and without having the URL filtering enabled, how can it be controlled?
05-04-2010 04:25 PM
There wouldn't be a way to block web-browsing for all users and allow an application based on web-browsing for those same users. You'd have to filter based on users who are completely denied web-browsing and those who are allowed web-browsing and ms-updates.
05-26-2010 08:50 AM
This is another example of why DNS names should be allowed directly in security policy 
Very simplified/compact example:
1) outbound 10.0.0.0 web-browsing update.microsoft.com allow
2) outbound 10.0.0.0 web-browsing deny logforwardprofile email alert (IPS)
3) inbound vendor.com(dynamic IP) ssh 10.0.0.0 allow
URL Filter = Rule 1 and 2 would be combined allow/deny and logforward is all traffic, not just 'monitored'. Rule 3 is not possible.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
