7 Replies Latest reply on Oct 23, 2015 11:38 AM by clburden1977

    Uncategorized URL blocking on Sidewinder

    clburden1977

      How have a requirement to block unclassified domains.  How would I do that on the Sidewinders?  I see on the smartfilter/Smartfilter Management that there is a drop down set to block uncategorized URL's.  I also see under smartfilte/filter policies that each filter policy created has the Uncategorized URL action set to allow.  Should that be changed to block?  Or is there anything else that I need to set/modify, ie  some in the HTTP application defenses?

       

      TIA

      CB

        • 1. Re: Uncategorized URL blocking on Sidewinder
          Peter M

          Moved to Firewall Enterprise (Sidewinder) for faster support.

          ---

          Peter

          Moderator

          • 2. Re: Uncategorized URL blocking on Sidewinder
            clburden1977

            We use McAfee Firewall Enterprise  Admin Console but my question is how to I set up blocking Uncategorized URL/Domains.

            • 3. Re: Uncategorized URL blocking on Sidewinder
              Peter M

              Hopefully someone with that expertise will answer you soon.

              • 4. Re: Uncategorized URL blocking on Sidewinder
                sliedl

                SmartFilter categorizes URLs and IP addresses.  For HTTPS sites it can only see the IP address so that is what it uses.  It cannot categorize every URL or IP, of course, so you either Allow or Deny URLs and IP addresses that have not been categorized.

                 

                Here is how I interpret those options in the SmartFilter section (since they are not explicitly explained anywhere that I can see):

                • On the main 'SmartFilter Management' tab, the section is called "URL requests by IP address" and you can Allow, Block, or Lookup as actions.  As the title of the section says, this is for "URL requests by IP address," which are requests made to HTTPS sites (the URL is encrypted so we can't see the DNS name of the site, we only have the IP address).
                • In each Filter Policy there is an "Uncategorized URL action" section.  This is for actual HTTP URLs that SmartFilter can read, like uncategorizeddomain.com, and the Action that SmartFilter will take for the URL.
                • The "URL Requests by IP address" section on the main page is for ALL Filter Policies (for requests made by IP address and not a DNS URL) and then each Filter Policy itself has its own section for any uncategorized URL (a non-IP address URL, specifically an HTTP request, not an HTTPS request).
                • 5. Re: Uncategorized URL blocking on Sidewinder
                  clburden1977

                  On your 3rd bullet, are you saying that each individual filter policy will override the "URL Requests by IP address"?  So I would have to set the URL Request by IP address as well as each filter policy to block vice having the URL by IP set to block and the filter policy set to allow?

                  • 6. Re: Uncategorized URL blocking on Sidewinder
                    sliedl

                    They are two different things; one works on IP addresses and the other works on Domain Names.  I don't believe either one overrides the other since they are doing two different things.

                     

                    If you decide to block uncategorized IP addresses you may end up blocking a lot of legitimate things.  The only way to know is to turn it on and see.

                     

                    A support ticket was opened on this subject yesterday and I presume that was you.  I'll put a link to this discussion into that SR.

                    • 7. Re: Uncategorized URL blocking on Sidewinder
                      clburden1977

                      Thank you for that information and your assistance.