We had a recent event take place in which an IP address of a web site was being actively blocked by TALOS Security Intelligence as a Malware site. We created a URL Object, added to whitelist, and the site continued to be blocked by IP address. Our only solution was to add the IP address to the global whitelist.
Is this expected behavior? It seems backward to us, as websites sometimes change IP address. Does the FMC always read the IP Blacklist prior to the URL whitelist?