How to Configure URL Filtering with Category and Reputation

Do This

More Information

Step 1

Ensure that you have the correct licenses.

Assign the URL Filtering license to each managed device that will filter URLs.

Step 2

Ensure that your CDO can communicate with the cloud to obtain URL filtering data.

Internet Access Requirements and Communication Port Requirements.

Step 3

Understand limitations and guidelines and take any necessary actions.

Best Practices for URL Filtering

Step 4

Enable the URL Filtering feature.

Enable URL Filtering Using Category and Reputation

Step 5

Configure rules to filter URLs by category and reputation.

Configuring URL Conditions

For the best protection against malicious sites, you must block sites by reputation AND block URLs in all Threat categories.

(Optional) Supplement or Selectively Override Category and Reputation-Based URL Filtering

Step 6

(Optional) Allow users to bypass a website block by clicking through a warning page.

HTTP Response Pages and Interactive Blocking

Step 7

Order your rules so that traffic hits key rules first.

URL Rule Order

Step 8

(Optional) Modify advanced options related to URL filtering.

Generally, use the defaults unless you have a specific reason to change them.

For information about advanced options, including the following, see Access Control Policy Advanced Settings.

  • Maximum URL characters to store in connection events

  • Allow an Interactive Block to bypass blocking for (seconds)

  • Retry URL cache miss lookup

  • Enable reputation enforcement on DNS traffic

Step 9

Deploy your changes.

Deploy Configuration Changes

Step 10

Ensure that your system receives future URL data updates as expected

Configure URL Filtering Health Monitors

Step 11

Be sure you have enabled other features that protect your network from malicious sites

See Security Intelligence.