URL filtering - allows blocked traffic

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

URL filtering - allows blocked traffic

L1 Bithead

URL filtering logs show web traffic that matches a custom URL category that we use to block / deny traffic to certain malicious domains, but the traffic doesn't match  the deny rule, it matches a generic rule we have for https/http traffic.

Why would the firewall clearly show on the URL filtering logs that it matches the URL category used for blocking but not assign that traffic to the specific rule and block the traffic.

Anyone seen this before, my team are trying to establish is this traffic is getting through the firewalls or not.

 

Thanks  

4 REPLIES 4

L1 Bithead

screeshot of URL filtering logs

Cyber Elite
Cyber Elite

Hello,

Check which security policy its hitting and then check if that policy is higher on the security policy list than the one that should apply.

The firewall reads policies for matches top to bottom and left to right.

Regards,

Yes, I have checked that already. The block rule is high up on the rule base, while the rule the traffic is hitting is at the bottom. 


Thanks for replying though.

L3 Networker

Hi @Robert2

 

Can you confirm the custom URL category is set to an action of block within a URL filtering profile?

Furthermore, can you confirm the URL filtering profile is applied correctly (either directly or listed within a Security Profile Group) to the block rule you mentioned? 

 

 

  • 456 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!