I understand that, even the

Ivan Raic · ‎02-27-2017

Hello,

So i setup a rule to only allow category "search engines" and block everything else.

After applying it, i am able to browse to google.com and i get blocked from news websites etc.. so working as expected.

But i am able to browse to google drive - which is wrong.

According to Firesight its listed as "Personal Storage", but when I go to Analyse, Connection, Events, its listing as "Search Engines".

Any help with this is appreciated.

Firesight - 6.2.0

Firerpower - 6.2.0-362

DNS resolving on both boxes and i can see the latest ruleset downloaded.

Ivan.

Philip D'Ath · ‎03-01-2017

Perhaps create a rule to try allowing Google Drive explicitly.

Ivan Raic · ‎03-02-2017

So the work around was to put a rule in before the permit 'search engine' category to block URL drive.google.com.

But this should not have to be done because google drive is not a search engine.

Dennis Perto · ‎03-02-2017

The URL filtering service it from Webroot. You can lookup the URL here.

On that website I am told that the URL "drive.google.com" is in the category "Personal Storage", as expected.

http://www.brightcloud.com/tools/url-ip-lookup.php

Ivan Raic · ‎03-02-2017

I understand that, even the Firesight console reports it as personal storage when doing a category check.

What I don't understand is why it comes up under event viewer as search engine.

Dennis Perto · ‎03-02-2017

It does sound like a bug. Maybe you should have Cisco TAC take a look at it.

URL Filtering not working as expected