Create a (mostly) passive URL Filtering
profile that alerts on most categories. When you select the
for a URL category, the firewall logs traffic to that category.
Then, you can see the sites your users are accessing and decide
on the appropriate site access for URL categories and specific sites.