07-08-2025 07:39 AM
URL filtering logs show web traffic that matches a custom URL category that we use to block / deny traffic to certain malicious domains, but the traffic doesn't match the deny rule, it matches a generic rule we have for https/http traffic.
Why would the firewall clearly show on the URL filtering logs that it matches the URL category used for blocking but not assign that traffic to the specific rule and block the traffic.
Anyone seen this before, my team are trying to establish is this traffic is getting through the firewalls or not.
Thanks
07-09-2025 12:43 PM
Hello,
Check which security policy its hitting and then check if that policy is higher on the security policy list than the one that should apply.
The firewall reads policies for matches top to bottom and left to right.
Regards,
07-10-2025 01:17 AM
Yes, I have checked that already. The block rule is high up on the rule base, while the rule the traffic is hitting is at the bottom.
Thanks for replying though.
07-10-2025 08:24 AM
Hi @Robert2,
Can you confirm the custom URL category is set to an action of block within a URL filtering profile?
Furthermore, can you confirm the URL filtering profile is applied correctly (either directly or listed within a Security Profile Group) to the block rule you mentioned?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
