Okay, so to go into more detail, I'll explain how our URL security rule was written when it was broken and how we changed it to fix the problem.
1. In a broken state, we had a security rule with the URL referenced in a custom URL category. That Custom URL category was then added to the security rule.
2. To Fix the problem we changed the URL Category in the security rule to Any and added each URL we wanted to permit in the Destination. When you add a URL to the destination of a security rule, you'll need to create an address object and choose FQDN.
Hope that helps!
... View more