Use category-based URL filtering in IPv4 or IPv6 Access rules in a Firewall Policy, IPS Policy, Layer 2 Firewall Policy, or Layer 2
Interface Policy to define which traffic is logged or blocked when a URL match is found.
Before you begin
Category-based URL filtering requires that the engine is licensed to use the ThreatSeeker categorization
service. You must also define DNS server addresses in the NGFW Engine elements so that the engines can send categorization
requests to ThreatSeeker.
For more details about the product and how to configure features, click Help or
press F1.
Steps
-
Right-click a policy and select Edit <policy type>.
-
On the
IPv4 Access or
IPv6 Access tab, add a rule.
Tip: As a general guideline, we recommend placing rules that allow traffic above rules that block traffic.
-
Drag and drop elements from the
Resources pane on the left to the
Source and
Destination cells.
-
Add URL Category or URL Category Group elements for category-based URL filtering in one of the following ways:
- Drag and drop one or more elements from the Resources pane on the left to the
Service cell.
- Add elements to the Service definition.
When you use URL Category Group elements in a rule, the rule matches if any of the URL Categories in the group match.
-
In the Action cell, select the action depending on the purpose of the rule.
- To allow matching traffic, select Allow.
- To block matching traffic, select Discard.
-
(Optional) In the
Logging cell, configure the logging options for the rule.
-
Click
Save and Install.
Next steps
If you want to make exceptions to the category-based URL filtering, add rules to manually block or allow URL List Applications.