Hello Team, I have one customer query related to security policy with URL category. Customer query: When the SNI/HTTP header is missing and the URL Category is classified as ‘any’, the processing of that session should be moved to the next security policy that matches the URL category of ANY, that also matches the source, destination and port. If there are no custom policies configured that match, it should move to the “interzone-default” rule. Right now, when looking at the logs, I see IPs of a destination that do not match the URLs in the URL Category, but due to the SNI/HTTP header not being present, it is showing the initial matched rule and shows that it’s allowed. I want to be able to look at the logs and see that it hit an actual rule that had a URL category as ‘any’ that also matches the source, destination, port which is being dropped or denied. As of now we will process the packet based upon six tuples, we will keep this URL category as "any" till we see SNI packet, http get request packet. Customer has to answerable to his management due to wrong logging. Kindly check this and share your thoughts!
... View more