Categorization for URL Filtering / Application Control blades

Support Center > Search Results > SecureKnowledge Details

Technical Level

Solution ID	sk92941
Technical Level
Product	Application Control, URL Filtering
Version	R75, R76, R77, R77.10, R77.20, R77.30
Date Created	05-Jun-2013
Last Modified	21-May-2016

Symptoms

URL Filtering / Application Control blade does not appear to categorize correctly.
The category "Web Browser" is used in the policy, and "Web Traffic" does not behave as expected.

Cause

The Policy is created similar to the Firewall policy: allow specific connections through, followed by a cleanup drop rule.
The category "Web Browser" allows / drops the traffic that is matched to that rule.

The Policy is designed to be written as a Cleanup "Any Any Allow", as opposed to an "Any Any Drop"

Web Browser category is meant to allow/block certain browsers. If policy allows everything from that category, then every connection made from the browsers listed will be allowed, and no other rules below will be followed. Same concept applies if policy is set to "Drop".

Solution

Follow these steps in SmartDashboard:

Change the Application & URL Filtering Policy, so that you have "Drop" rules are located above the Cleanup "Allow" rule.
Modify the Application & URL Filtering Policy, so that the "Web Browser" category is used correctly (as explained in the "Cause" field), or remove it from the Policy, altogether.
Install policy on Security Gateway.

Related solutions:

This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.

Give us Feedback

Please rate this document

[1=Worst,5=Best]

Comment
	Submitting rating