URL Filtering with UFP Server makes incorrect decisions when 'UFP caching control' is set to 'Security Gateway'
- When a URI Resource is created to match a UFP Server such as WebSense, and the 'UFP caching control' is set to 'Security Gateway', only simple WebSense policies cache the results correctly.
- Complex policies - such as general policy for all users, additional specific policies for other users based on the source IP address, MachineID or other mechanisms, will NOT cache correctly, resulting in sites that should be allowed being blocked, or vice versa.
The caching mechanism only caches the result - whether or not a particular URL was allowed. It does not include the Source IP address or other information that would allow to differentiate any of the conditions that the UFP Server is using to execute the complex policy.
This is currently not supported by the caching mechanism.
Change the setting in the following way to have the caching behave correctly :
- SmartDashboard - 'Manage' menu - Servers and OPSEC Applications - New... - OPSEC Application... - assign the name, check the relevant boxes, etc
- SmartDashboard - Resources tab - New - URI :
- 'General' tab - assign the name , under 'URI Match Specification Type' check 'UFP' box
- 'Match' tab - choose the OPSEC Application that was created in Step 1, under 'UFP caching control' choose either "No Caching", or to "UFP Server"
- Install policy
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.
This solution is about products that are no longer supported and it will not be updated