Hi

I recently rolled out a pair of small appliances to two sites.

The web filtering policy for a particular user group is layered, and it has an allow list and the next rule is a drop all, with block message. HTTPS scanning is enabled with the cert rolled out. (I have also tried breaking the layers and having the standalone accept rule and then the standalone drop all rule after it)

On one site this works perfectly.

On another site, regularly (Every day or at least every other day) from early in the morning the firewall starts blocking all requests to anything categorised 'Computers/Internet' (Which is an allowed category) and a lot of things stop working. There are no failed category updates in the system log (Before the upgrade this same behaviour occurred, but we had updates failed and then database failed to reload so i suspected this initially). It's like the allow rule is being completely ignored. User auth is working, as the user name is logged in the log entry with the message the site was blocked as it belongs to the computers/internet category.

The only way to stop this is to remove the drop rule after the allow for this user group, Once you re-enable it and install the policy it will be fine again until the next time it happens out of the blue.

I previously upgraded the appliance from R80.20, as they were getting an HTTPS inspection error around certificate length (>1000) that the fix seemed to be upgrade to R80.30.

Any ideas?