Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
G_W_Albrecht
Legend Legend
Legend

URLF / APCL Whitelisting

A customer wanted to allow his clients access to all sites needed by whitelisting (R77.30). He uses URLF / APCL blade, but no https inspection, so all he can do is let the blade categorize https sites. But he does not want to Allow any URLF Categories!

Using Custom Categories for overriding URLF category to create exception does not work, because Custom Categories only can be used in URLF / APCL rulebase and is not available for "Overriding URLF category" that only shows the pre-defined categories. Otherwise, it would be possible to first create a new category and then overide the URLF categorization with this category for the sites to be whitelisted. Then he could allow the sites by allowing the new category (=RFE).

So he had to follow this procedure for site exceptions suggested by CP:

1. Create one custom application with all the URLs that you need allow or different custom applications for each needed URL

2. Add the created application to "allow" rule on top of rule base

3. Add "DNS protocol" and "SSL protocol" services to the same rule (we have to allow them in case a custom application is used).

4. Install policy.

This solution will work even if HTTPS inspection is disabled.

CCSE / CCTE / CCME / CCSM Elite / SMB Specialist
12 Replies
This widget could not be displayed.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events