10-09-2014 06:36 PM
I am trying to figure out url filtering. My company has me blocking web-based email url category. I have just been asked to allow certain users access to https://gmail.google.com so I created a custom url category and placed https://gmail.google.com in it and then created a rule with the source interface, the domain group and the destination interface, and the custom url category and set it to allow. I did not add a url profile. I cannot get this to work. I keep getting accessed denied.
10-09-2014 08:40 PM
Troubleshoot this by looking in the URL logs. Look at the syntax in the URL column and model your entries in the custom URL profile off of what is seen in the URL logs. Sometimes you might need to include *.domain.com/*.
10-09-2014 06:47 PM
Hi Markk96,
Do you have ssl decryption enabled on your device? If not it might be difficult to what you are trying to achieve as the HTTP GET message for gmail.com would be encrypted, and firewalll would have no idea what URL user is trying to reach.
In the URL category where you have web-based email, go ahead add following under allow list
mail.google.com
google.com
*.google.com
And see if that makes any difference. Hope this helps. Thank you.
10-09-2014 06:50 PM
Could you try creating a URL filtering profile as below and refer that in the policy:
The above URL filtering contains web-based-email category as blocked.
10-09-2014 07:22 PM
Hi Mark,
Clone Existing URL filtering profile, search for custom profile. Allow that custom URL profile.
Now create new rule, reference this particular URL Profile in it.
This is another way and it will work for sure.
Regards,
Hardik Shah
10-09-2014 08:40 PM
Troubleshoot this by looking in the URL logs. Look at the syntax in the URL column and model your entries in the custom URL profile off of what is seen in the URL logs. Sometimes you might need to include *.domain.com/*.
10-09-2014 09:12 PM
How do policy rules work in this case. If I have the following rules what order should they be in, if users are in a special group to access gmail. I want to make sure that no other traffic goes over the gmail policy.
1. allow user group "Allow Gmail" with url category gmail and url policy gmail allow.
2. all any any any with url policy webased email blocked.
10-10-2014 11:02 AM
Mark,
The order you have is correct. The "Any/Any/Any + URL category web based email block." rule must come second since it would shadow the allow rule above.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
