Reviving a very old post, but nowhere else can I find anything similar. So how does this work?

The rule is that "When a user attempts to access a URL and the URL category needs to be determined, the firewall will compare the URL with the following components until a match has been found:

1. Block list of the matching URL profile
2. Allow list of the matching URL profile
3. Custom categories that have been defined
4. DP URL cache
5. MP URL cache
6. Cloud systems"

If Allow takes precedence over Custom categories, how can you see the allowed sites? I.e., if I put *.facebook.com and facebook.com in the URL Filtering Allow list, and also add them to a custom URL category called "show_me_allowed", and set the custom Alert Category list to be "Alert", when I browse to Facebook and look at the URL log, I still cannot see it because Allow supersedes Custom.

Theoretically: How do we prove that a user who is allowed to access a site during work hours also accessed (or didn't) the site at other times if we can't see it? We do not use the Palo Alto schedules feature.

Thanks.