Sorry for the delay in responding, but I've been tied up with other things. Also, I will not be able to work on this for the next week. When I can get back to this, I will look at some of the things you've mentioned.

However, in regard to your comment: "What is likely happening is that the firewall allows the TCP/80 traffic, even identifies it as web-browsing, and then it attempts to match that traffic with your permit rules. If it matches, great. If not, it stops. The trick question is, how should the firewall log the traffic? Should it log the traffic as being denied (when some portion went through?)"

I would think that if the firewall is going to log this traffic as allowed because it got part way through the process, it should also have a denied entry when it determines that something about the rule (in my case the URL Category) prevents it. It seems like this isn't happening, and maybe that's just the way it works; however, I find this confusing.

Thanks very much for your insight.