Hello everyone and Happy New Year! 🙂
I wanted to post this to see if anyone has any suggestions at all. So I worked with an escalation guy on it and he could not really offer a whole lot, sadly. So, here is the story... the customer has cloud Smart-1 mgmt (though I don't think that's overly relevant) and 2 6400 gateways in an HA cluster. We enabled https inspection and created a simple ordered URL layer with the blacklist first and then an any-any allow at the bottom (I know that's the recommendation, as odd as I find that, but whitelist first does not seem to work).
So what happens is that if we test a PC from behind the internal interface (10.50.0.135), we see it gets accepted on the network layer, inline layer 5, and then certain categories are supposed to be blocked on rule 1 of the ordered URL layer, which does NOT happen.
To make things even worse, not even Internet access on that PC works, unless we create a bypass https inspection rule for the whole 10.50 net... which is pointless, since it defeats the purpose of even using https inspection.
Then TAC finds out that not even the wstlsd process is working on the gateway, so the guy said there is nothing to debug. We tried disabling the URL filtering, app control, and https blades, no go. Also rebooted, same issue.
These are brand new firewalls with the latest R80.40 and jumbo hotfix... I'm totally lost as far as why this happens. Maybe I'm wrong when I say this, but if a rule in the network layer allows that PC to go anywhere on the Internet, should the ordered URL layer not still block the categories listed? As per escalation, that's totally fine, but I still have some doubts...
Any advice would be appreciated!