Use URL filtering and Regional blocks

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Use URL filtering and Regional blocks

L0 Member

We block Regions at the moment, so traffic going to Russian IPs are dropped. But lets say that I now need to allow a specific URL to be allowed to Russia. If I make a rule above our block rule that has a custom URL category associated with it and define HTTPS as the service. Will that now force layer 7 inspection on all of that traffic? Or was it always getting layer 7 inspected so it doesn't matter? and do I need to concern myself with any of the URL Category "any" traffic that seems to always be generated.


L2 Linker

This would be difficult to do, since IPs can be blocked through policies but URLs have different IPs coming from. A single url can be redirected through multiple IPs. If you know the exact IP for the URL then you can definitely do it by blocking the region in your policy although having a specific IP allowed in the above policy.


Maybe url allow/bock can be better handled through a DNS than the firewall. Firewall would work more on IP blocks from that region. 


There are still a few docs available on Country blocks below:


Hope this helps,


Thanks & Regards,
Varun Rao

you can block the URL by using FQDN. Create the address object and use give the URLs.

  • 2 replies
  • 101 Subscriptions
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!