About krdeepu

1. Will this policy allow traffic on port 80   on other applications   other than browser - Yes. You're not specifying an application, so any connection on port 80 (you said "http" but that's not a port, so I'm assuming just port 80) to the sites in the URL Category you've defined will match.     2. Will this policy only allow traffic to google and bing on port 80 on web browser - See above. It will technically do what you want, but it's not a very robust rule.     3. If traffic is generated in port 80 using other application will this policy allow that traffic to other destinations other than google and bing. -Sort of. If the initial packet is a TCP SYN on port 80, it doesn't know if it's going to match your category yet since there is no domain name associated with the request. The 4th packet would be an HTTP GET request, so it should be ok.     All this said, I doubt your rule will do anything useful. Both Google and Bing have HSTS configured, meaning you're immediately redirected to their respective HTTPS pages, so your port-80 rule won't get much use.    I'd recommend starting with allowing everything, then going to Google and Bing to see what your traffic looks like. You'll likely have better luck creating a rule based on applications rather than ports anyway. Categories are good, but the rules can get complex to handle if you're defining everything in the service/category section. A more robust way would be to create a URL filtering policy with "Alert" as the action for your custom category you want to allow and "deny" as the others. Using profiles allows you to change any rule using that profile instead of having to update many rules when your needs change. ... View more