We block Regions at the moment, so traffic going to Russian IPs are dropped. But lets say that I now need to allow a specific URL to be allowed to Russia. If I make a rule above our block rule that has a custom URL category associated with it and define HTTPS as the service. Will that now force layer 7 inspection on all of that traffic? Or was it always getting layer 7 inspected so it doesn't matter? and do I need to concern myself with any of the URL Category "any" traffic that seems to always be generated.
This would be difficult to do, since IPs can be blocked through policies but URLs have different IPs coming from. A single url can be redirected through multiple IPs. If you know the exact IP for the URL then you can definitely do it by blocking the region in your policy although having a specific IP allowed in the above policy.
Maybe url allow/bock can be better handled through a DNS than the firewall. Firewall would work more on IP blocks from that region.
There are still a few docs available on Country blocks below:
Hope this helps,
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!