URL Filtering does not log some HTTP/HTTPS connections accepted by Firewall blade

Support Center > Search Results > SecureKnowledge Details

Technical Level

Solution ID	sk121894
Technical Level
Product	URL Filtering
Version	All
OS	Gaia
Platform / Model	All
Date Created	12-Dec-2017
Last Modified	18-Dec-2017

Symptoms

Although URL Filtering blade is enabled and HTTP/HTTPS connections are accepted by the Firewall blade, SmartLog shows only few URLF records which are much less than firewall records for the same traffic.
Output of fwaccel stats -s command shows more F2Fed pkts than PXL pkts.
fw monitor shows TCP SYN packets passing through the Security gateway however there is no response (SYN/ACK) from Web servers.

Cause

There is an external Security gateway blocking Internet connections from some internal hosts even though the internal gateway accepts them.

The SYN packet is allowed by the Firewall blade and a firewall log is shown in SmartLog, however the security gateway does not get to see any L7 HTTP/HTTPS information since the TCP connection was never established, therefore no URL Filtering logs are seen for these connections in SmartLog.

Solution

Note: To view this solution you need to Sign In .