Hi There, Problem Statement : We have custom URL lists(To allow Azure Endpoints only), also we have EDL(With Minemeld) integrated. As per our Infosec Policy we should not use Minemeld feed for Microsoft as it has some of many wildcard. So desperately creating custom URL for each MSFT end points(viz Defender, AAD heath etc,,) But some of URL is not working. I couldn't fetch the exact URL which is getting blocked(its default implementation PAN that, unlisted URLs will not show in URL filtering tab...? but in the Traffic Tab I am seeing very peculiar; For example: As per below screen shot, Why session is starting the Rule which i configured and fall back to Deny (reset-both with "default deny") category showing EDL-Azure-URL(In fact we have not configured "EDL-Azure-URLs" in the policy.
... View more