Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2870
Views
0
Helpful
5
Replies

Ironport S160 Access Policy URL Category not working

Go to solution
nairco_admin
Level 1
Level 1

‎07-01-2014 09:15 AM

I have created a custom URL category "Allowed Sites" and put some sites in there that I want the proxy not to block and ticked the "Allow" field in my Access Policy.

Those sites also match the predefined URL category "Online Storage and Backup" which is blocked.

When I try to access those websites, the proxy blocks them saying they belong to the above predefined category.

Now, how can I allow those few sites, but not the whole predefined category??? Why is my custom category not being considered? URLs in there look like .example.com, .example2.com

 

Any help appreciated,

Kat

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Vance Kwan
Cisco Employee
Cisco Employee
In response to nairco_admin

‎07-10-2014 10:49 PM

Do you have any trouble with the other sites on the custom URL category?  Do you have mozy.com and .mozy.com in the category?

 

What version of OS are you running?

View solution in original post

0 Helpful
5 Replies 5

Go to solution
kushsriva
Level 1
Level 1

‎07-10-2014 05:03 AM

Hi,

Could you please provide a screen shot of the WSA Access policy configuration?

Also please login to the WSA and run the command 'tail' --> 1 (access_logs). Try to access the websites in the custom category and provide the output.

 

Regards,

Kush

0 Helpful

Go to solution
nairco_admin
Level 1
Level 1
In response to kushsriva

‎07-10-2014 05:45 AM

Hi Kush,

find attached the screenshot of the Access Policy with only the first few lines of the Predefined URL Categories. Also the category I created with "mozy.com" and others in it.

This is the output of a policy trace for a user that is assigned to this Access Policy when testing the URL in question "mozy.com"

URL Check
WBRS Score: 6.5
URL Category: Online Storage and Backup
Policy Match
IronPort Data Security policy: None
Decryption policy: None
Routing policy: None
Identity policy: NTLM_Identity
Access policy: exHSP
Final Result
Request blocked
Details: Request blocked based on URL category
Trace session complete

 

I'll do the tail and later today.

Kat

Preview file
16 KB
Preview file
56 KB
0 Helpful

Go to solution
Vance Kwan
Cisco Employee
Cisco Employee
In response to nairco_admin

‎07-10-2014 10:49 PM

Do you have any trouble with the other sites on the custom URL category?  Do you have mozy.com and .mozy.com in the category?

 

What version of OS are you running?

0 Helpful

Go to solution
nairco_admin
Level 1
Level 1
In response to Vance Kwan

‎07-11-2014 12:58 AM

Duh, thanks. That did it. Arg. Didn't realize that (dot)mozy.com doesn't match when the URL is just http://mozy.com. Kinda obvious though, haha.

Thanks vakwan.

Kat

0 Helpful

Go to solution
MD KAFINUZZAMAN
Level 1
Level 1

‎09-16-2014 09:01 PM

Hi

In my ironport I can access all site except Google and yahoo. I have connected Ironport inside zone from core switch and firewall redirect  to ironport. I have no DNS server.

 

I need your suggestion..............

 

Thanks

 

 

 

 

0 Helpful
Customers Also Viewed These Support Documents