Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Harmesh_Yadav
Collaborator

Need port based access - inline rule APP URL

Dear Team ,

I have created Application and URL Filtering Inline rule

In service and Application i need to add Application , URL categories and Services

I have created multiple policy and allowed some URL categories for legitimate traffic .

Added Block categories which should be block as per organization compliance .

Actually i am little bit confuse with Port based access .

if i need to give specific service like HTTP HTTPS DNS and other required service and rest of services should be block . so how can i achieve my requirement from inline rule please let us know .

Either  i create new rule or Add services in existing rule how it will work ?

 

Regards,

Harmesh Yadav

Harmesh Yadav
0 Kudos
2 Replies
the_rock
Mentor
Mentor

Personally, I find that for urlf, you are just better off create normal rules on top of your rulebase and NOT use inline or ordered layer for it. I find the way TAC recommends to place any any allow at the bottom makes no logical sense to me. Here is why I say that...say you create ORDERED url layer, ok fine, but then if you put inline layer in it, it would probably cause issues where say traffic in network layer is dropped, but that would be accepted on any any allow at the bottom of url layer (because thats what TAC recommends based on the sk)

 

Honestly, if I were you, I would do it this way...slap everything in one ordered layer with url rules on top...works fine for me, never an issue!

Happy to do remote session and help you with this.

Andy

0 Kudos