URL Filtering – Categorization

Alejandro_Lansa — Thu, 11 Oct 2018 13:48:43 GMT

I have a new question about URL Filtering. I am testing the Application Control und URL Filtering Blades in order to replace our Proxy, but I have a problem with Categorization. The test is done with a R80.10 security Gateway configured as HTTP/HTTPS Proxy with a restrictive configuration: Each Department has access to a group of categories, and all other categories are blocked.

I experience the following behavior:

When a user opens a new Web Site it becomes immediately the category “Web Browsing”. This Category is not allowed in our Policy and the firewall drops the connection.
The second time that we open the same website the site is correctly categorized and traffic accepted oder droped according to the policy.

This behavior is also described in SK105642 “Allowed site is blocked on first attempt, then allowed on second attempt”, but the solution doesn’t work for me.

The advanced configuration of Application Control & URL Filtering is:

Fail Mode – Block all requests (fail-close)
Web browsing – “enable web browsing logging and policy enforcement” – Disabled
Checkpoint online web service
- Block requests when web service is unavailable
- Website Categorization mode: Hold – requests are blocked until categorization is complete

For torubleshooting purposes I have temporary disabled https inspection and I experience the same problem.

Has anyone experienced a similar problem?

Re: URL Filtering – Categorization

PhoneBoy — Fri, 12 Oct 2018 15:54:04 GMT

The SK does a fairly good job describing the issue.

The solution described clearly doesn’t work in R80.10.

Maybe instead of entirely blocking Web Browsing you “limit” it to a ridiculously low bandwidth.

This will allow the traffic to continue until it is classified appropriately.

topic URL Filtering – Categorization in Firewall and Security Management

URL Filtering – Categorization

Re: URL Filtering – Categorization