Use category-based URL filtering in IPv4 or IPv6 Access rules in a Engine Policy, IPS Policy, Layer 2 Engine Policy, or Layer 2
Interface Policy to define which traffic is logged or blocked when a URL match is found.
Before you begin
Category-based URL filtering requires that the engine is licensed to use the ThreatSeeker categorization
service. You must also define DNS server addresses in the Secure SD-WAN Engine elements so that the engines can send categorization
requests to ThreatSeeker.
For more details about the product and how to configure features, click Help or
press F1.
Steps
-
Right-click a policy and select Edit <policy type>.
-
On the
IPv4 Access or
IPv6 Access tab, add a rule.
Tip: As a general guideline, we recommend placing rules that allow traffic above rules that block traffic.
-
Drag and drop elements from the
Resources pane on the left to the
Source and
Destination cells.
-
Add URL Category or URL Category Group elements for category-based URL filtering in one of the following ways:
- Drag and drop one or more elements from the Resources pane on the left to the
Service cell.
- Add elements to the Service definition.
When you use URL Category Group elements in a rule, the rule matches if any of the URL Categories in the group match.
-
In the Action cell, select the action depending on the purpose of the rule.
- To allow matching traffic, select Allow.
- To block matching traffic, select Discard.
-
(Optional) In the
Logging cell, configure the logging options for the rule.
-
Click Save
and Install.
Next steps
If you want to make exceptions to the category-based URL filtering, add rules to manually block or allow URL List Applications.