I am having a weird issue and it seems to be in releation to https://google.com.
A user is using google search and as she types in the search box I can see that every keystroke that is entered is blocked and classified as an attack. As we know that google tries to autofill the results and is sending packets back and forth to be helpful.
The audit viewer shows that the packets are being blocked by the smart filter and the category is appdef_violation and the reason is "Request Denied by smart filter".
All other search engines are fine.
You probably have to select "Allow uncategorized IP addresses" in the SmartFilter settings. If you paste the whole audit message we can see what the exact issue is. If that is not it you should open a Support Ticket.
I was looking over this issue and we found something strange the other day.
It seems that after upgrading to 8.3.2 that the IPS signatures were stuck at a 2010 version on both firewalls that were upgraded.
The update section in software was checked and it reported that the ips signatures were up to date, however when verifiying the version we saw that a 2010 version with outdated and deprecated signatures were being used.
A manual download of the latest 2014 signatures needed to be done and loaded in the firewall.