08-20-2013 04:32 PM
I have an access policy on an IronPort S370 configured for a locked down AD account that is allowing access to only two internal sites and blocking all other categorized and non-categorized URLs. I've created custom URL categories for these two URLs and added them to this access policy; however, about 2 weeks ago one of the URLs started to get blocked because it matched a predefined URL category that is blocked.
This rule is #1 in the order of access policies. Under the access policy I see the 2 custom URL categories set to 'Allow' and all of the pre-defined URL categories are set to 'Block'. Is this the recommended setup for doing what I'm trying to do? It seems the pre-defined category settings are overriding my custom URL categories. Any suggestions?
Thanks!
Mark
08-20-2013 09:52 PM
Hi Flurrball,
Grep the access logs using the IP of the PC as the expression. This will tell you if you are truly hitting the correct access policy.
Sincerely,
Erik Kaiser
WSA CSE
WSA Cisco Forums Moderator
08-23-2013 12:02 PM
Erik,
Thanks for the info. I can see from the logs it is indeed hitting the correct access policy so I must have it configured wrong. What is the correct way to block all but 2 sites from a user with an access policy?
Thanks,
Marcus
08-23-2013 12:16 PM
Hi Marcus,
You will want to create a custom URL category and add the 2 URLs to it, for example .microsoft.com, microsoft.com. Set it to allow, not monitor.
Sincerely,
Erik Kaiser
WSA CSE
WSA Cisco Forums Moderator
08-23-2013 12:22 PM
Erik,
Thanks for the fast response again! So I already have the 2 URLs added as custom categories to the access policy. The only other config I have in this access policy is that it BLOCKS all other categorized and un-categorized URLs.
Do the Custom URL categories always override the pre-defined category settings? It seems to be ignoring my custom URL categories.
I'm also using just the domains in the Custom URL categories, so it's cisco.com instead of www.cisco.com. Could this be part of the problem?
Thanks,
Marcus
08-23-2013 12:35 PM
Hi Marcus,
The custom URLs will only override the default action to the access policy categories. If you set the action to monitor, the URL will be categorized, which will be blocked based on the category being blocked. But if you set the action to allow, then it will not be scanned (aka categorized) and will be allowed.
Sincerely,
Erik Kaiser
WSA CSE
WSA Cisco Forums Moderator
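
The access-log check suggested earlier in the thread, as an added example that is not part of the original posts: it filters exported access log lines by client IP and reports which access policy and decision tag each request hit, then flags hosts that should be allowed but were blocked. The log layout, the decision tag names (`ALLOW_CUSTOMCAT`, `BLOCK_WEBCAT`, `DEFAULT_CASE`) and every sample value are assumptions based on the squid-style WSA access log format, and policy names are assumed to contain no hyphen.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample lines (IPs, hosts and the policy name "LockedDown" are made up;
# the scanning-verdict block is shortened to <->).
# Assumed layout: whitespace field 3 is the client IP, field 7 the URL and
# field 11 is "<decision tag>-<access policy>-<identity>-...".
SAMPLE_LOG = """\
1377273720.101 12 10.0.0.50 TCP_MISS/200 5120 GET http://intranet.example.local/ - DIRECT/intranet.example.local text/html ALLOW_CUSTOMCAT_11-LockedDown-DefaultGroup-NONE-NONE-NONE-DefaultGroup <-> -
1377273725.440 3 10.0.0.50 TCP_DENIED/403 1890 GET http://portal.example.local/login - NONE/- - BLOCK_WEBCAT_11-LockedDown-DefaultGroup-NONE-NONE-NONE-DefaultGroup <-> -
1377273731.009 2 10.0.0.50 TCP_DENIED/403 1890 GET http://www.example.com/ - NONE/- - BLOCK_WEBCAT_11-LockedDown-DefaultGroup-NONE-NONE-NONE-DefaultGroup <-> -
1377273733.512 40 10.0.0.99 TCP_MISS/200 900 GET http://www.example.org/ - DIRECT/www.example.org text/html DEFAULT_CASE_11-DefaultGroup-DefaultGroup-NONE-NONE-NONE-DefaultGroup <-> -
"""


def policy_hits(log_text, client_ip):
    """Count (access policy, decision tag, host) tuples for one client IP."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 11 or fields[2] != client_ip:
            continue  # malformed line or a different client
        parts = fields[10].split("-")
        if len(parts) < 2:
            continue  # no policy information in this line
        decision = re.sub(r"_\d+$", "", parts[0])  # drop the "_11" style suffix
        host = urlsplit(fields[6]).hostname or fields[6]
        hits[(parts[1], decision, host)] += 1
    return hits


def blocked_allowed_hosts(hits, allowed_hosts):
    """Hosts that should be allowed but show a BLOCK_* decision, with tag and policy."""
    return sorted((host, decision, policy)
                  for (policy, decision, host) in hits
                  if host in allowed_hosts and decision.startswith("BLOCK_"))


if __name__ == "__main__":
    hits = policy_hits(SAMPLE_LOG, "10.0.0.50")
    for (policy, decision, host), count in sorted(hits.items()):
        print(f"{policy:12} {decision:16} {host:26} {count}")
    allowed = {"intranet.example.local", "portal.example.local"}
    for host, decision, policy in blocked_allowed_hosts(hits, allowed):
        print(f"unexpected block: {host} ({decision} in policy {policy})")
```

A `BLOCK_WEBCAT` decision on a host that belongs to a custom category matches the symptom in the thread: the request was categorized and blocked by a predefined category instead of being allowed by the custom one.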