Support Center > Search Results > SecureKnowledge Details
Wrong rule match on the first access to a URL or website Technical Level
Symptoms
  • Security Gateway logs for the first access to a URL or website show that an unexpected Access Control rule is matched for this traffic.

  • Security Gateway logs for later accesses to the same URL or website show that the expected Access Control rule is matched for this traffic.

  • After a while, the same behavior happens again.

  • The unexpected rule matched on the first access is a catch up rule to "Any Services & Applications" or "Uncategorized" Websites.

Cause

Application Control Signatures and URL Filtering Categories are used in the same rule.

Example of an Access Control rule that contains a Group object:

Example of a Group object:

The Security Gateway must inspect at least several packets to identify the application and determine which Access Control rule to match. Even if the URL Filtering category matches before the Application Control, it may be possible that this Access Control rule is not the appropriate one for the Application Control.

This happens if Application Signatures and URL Filtering categories are used in a Group object, and are also used as single objects in the "Services & Applications" column of the Access Control rule.

For more information, see:


Solution
Note: To view this solution you need to Sign In .