Url Filtering

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Url Filtering

L3 Networker

I am trying to figure out url filtering.  My company has me blocking web-based email url category.   I have just been asked to allow certain users access to https://gmail.google.com so I created a custom url category and placed https://gmail.google.com in it and then created a rule with the source interface, the domain group and the destination interface, and the custom url category and set it to allow.  I did not add a url profile.   I cannot get this to work.  I keep getting accessed denied.

1 accepted solution

Accepted Solutions

L0 Member

Troubleshoot this by looking in the URL logs.  Look at the syntax in the URL column and model your entries in the custom URL profile off of what is seen in the URL logs.  Sometimes you might need to include *.domain.com/*.

How To Create Custom URL Categories

View solution in original post

6 REPLIES 6

L5 Sessionator

Hi Markk96,

Do you have ssl decryption enabled on your device? If not it might be difficult to what you are trying to achieve as the HTTP GET message for gmail.com would be encrypted, and firewalll would have no idea what URL user is trying to reach.

In the URL category where you have web-based email, go ahead add following under allow list

mail.google.com

google.com

*.google.com

And see if that makes any difference. Hope this helps. Thank you.

L5 Sessionator

markk96

Could you try creating a URL filtering profile as below and refer that in the policy:

gmail_block.JPG

The above URL filtering contains web-based-email category as blocked.

L6 Presenter

Hi Mark,

Clone Existing URL filtering profile, search for custom profile. Allow that custom URL profile.

Now create new rule, reference this particular URL Profile in it.

This is another way and it will work for sure.

Regards,

Hardik Shah

L0 Member

Troubleshoot this by looking in the URL logs.  Look at the syntax in the URL column and model your entries in the custom URL profile off of what is seen in the URL logs.  Sometimes you might need to include *.domain.com/*.

How To Create Custom URL Categories

L3 Networker

How do policy rules work in this case.   If I have the following rules what order should they be in, if users are in a special group to access gmail.  I want to make sure that no other traffic goes over the gmail policy.

1.  allow user group "Allow Gmail" with url category gmail and url policy gmail allow.

2.  all any any any with url policy webased email blocked.

Mark,

The order you have is correct.  The "Any/Any/Any + URL category web based email block." rule must come second since it would shadow the allow rule above.

  • 1 accepted solution
  • 3451 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!