In our environment we have users who are using the proxy and users who are not using the proxy.

We have  internal users who are using the PRoxy --Browser with PAC http/https traffic goes via Webgateway.

Webgateway has exceptions for certain https websites that traffic goes via Firewall not webgateway--this is also for internal users who are using proxy.

Firewall is not doing the DNS for users.

Then we have Internal users who are not using the proxy there browser have no PAC file for these users http/https traffic goes via firewall not web gateway.

Firewall   rules

1>Rule 1        Web exceptions for websites for internal users who are using proxy and we want this traffic not to go via webgateway.

This is the rule we are having issues with network object  type IP address as often some https websites address gets changed.

2>Rule 2 is for internal users who are not using proxy and there all traffic http/https  is allowed too any website.

Under this rule under Application defense group we are using url filtering.

This rule 2 has application defense group called say url filter .

When i go to groups i see this group name called url filter.

When i select this group then on Right hand side under name i see this url filter group name at top.

Then on below window under  Application Defense i see                                                                 Name

                                                      http                                                                                           url filtering

Hope it make sense to you now.

Mike