FMC URL filter rule priority

josef84 — Fri, 15 Mar 2024 19:58:41 GMT

Hello,

I have a situation where I have to create a URL filter, however, I'm not sure about the impact of the rule, or what order it should be processed in.

1. There are 3 URL's that need to be accessed by a group of networks, ONLY these networks can access these URL's. By creating this rule, all other networks will be implicitly denied access to the URL, correct?

2. I have other networks that still need HTTPS access to other sites, but not the 3 URL's, will these networks be unaffected by the previous rule at the top of my policy?

Thank you.

Re: FMC URL filter rule priority

Rob Ingram — Fri, 15 Mar 2024 20:30:03 GMT

@josef84 no, you would need a rule to explictly deny traffic to those 3 URLs higher up in the ruleset to deny access.

If you create a rule for a group of networks to access those 3 URLs, those networks would match that rule, any other network that does not match that rule will be processed by the remaining rules in access control policy. This may mean they are processed by the HTTPS rule you refer to.

topic FMC URL filter rule priority in Network Security

FMC URL filter rule priority

Re: FMC URL filter rule priority