Multiple answers! For clarity, I assume when you say URL category, you mean URL category in a security policy rule.
- "Recently we've found that traffic not within a URL category specified in a rule is being allowed." Any subsequent security policy rule allowing web-browsing or ssl will allow the traffic. Only traffic matching your category will match your rule. The advantage to URL filtering is that the security policy rule will match all web-browsing or ssl traffic, and not look for a subsequent security policy rule match.
- "Would using the same category within a URL filter differ than only having a category configured?" Yes, because it can perform different functions for different categories.
- "Is there a time to use categories only instead of a filter?" The most common example is if you want to use the additional fields in the security policy rule. For example, HR (source user) is allowed to go to YouTube for training videos.
- "My concern in using a filter is that it will block traffic allowed by another filter further down the ruleset." This is the preferred implementation of pre-defined categories in URL filtering. If you block a pre-defined category, you want to block all URLs in the category even if they match other pre-defined URL categories. The entries above the pre-defined categories allow exceptions to this rule and the priority is from top down.
- "Does it not defeat the purpose of a filter to only alert on a single category and the remaining ones are set to none or block?" No. Your URL filtering example allows for a flexible corporate security policy and logging.
Help the community: Like helpful comments and mark solutions.
