ProxySG & Advanced Secure Gateway

 View Only
  • 1.  Categorization Query

    Posted Jan 12, 2022 06:23 AM
    Hi, just have a quick query. if we are blocking category "news" in First Web Access layer and in the Second Web Access Layer we create a new rule to allow a specific URL "edition.cnn.com" which belongs to this category, would it to be allowed or blocked?

    Secondly if we need to allow a specific URL in CPL and not the whole domain, do we need to use the below command.

    For example if we want to block whole Broadcom domain but only allow the below specific URL, do we need to use the below in CPL?

    url= knowledge.broadcom.com/external/article/169152/allow-websites-blocked-by-webfilter-cate.html


    Your feedback is appreciated. Thanks

    ------------------------------
    Symantec Enthusiast
    ------------------------------


  • 2.  RE: Categorization Query

    Posted Jan 12, 2022 06:33 AM
    Hi Sulman,

    For your first question, yes the site would be allowed as long as the 2nd web access layer was positioned to right of the first one. The local policy entry would work as long as you have SSL interception enabled so that the URL path is visible to the proxy.

    Regards
    Paul


  • 3.  RE: Categorization Query

    Posted Jan 12, 2022 06:39 AM
    Hi Paul, thanks for the reply. In the new Web VPM, we don't have the same look and feel like old java VPM, where we could order the layers from left to right. Instead, now we have a top down layer ordering with the new web VPM. so in the new web VPM we need to make sure that the Access layer which is allowing access to the specific URL is kept at the bottom?

    Also I am aware that SSL interception needs to be enabled so that we can see the full URL.

    I just wanted to know the url= "Full URL Path" is the right syntax for allowing a specific URL in the CPL?

    Thanks for the feedback.

    ------------------------------
    Symantec Enthusiast
    ------------------------------



  • 4.  RE: Categorization Query

    Posted Jan 12, 2022 06:49 AM
    Yes, it is top down in the Web based VPM view.

    Regards
    Paul