URL Filtering Logs
Focus
Focus

URL Filtering Logs

Table of Contents

URL Filtering Logs

An overview of URL filtering logs.
URL Filtering logs (MonitorLogsURL Filtering) display comprehensive information about traffic to URL categories monitored in Security policy rules. Attributes or properties recorded for each session include receive time, category, URL, from zone, to zone, source, and source user. You can customize your log view so that only the attributes you are most interested in display. The firewall generates URL filtering log entries in the following cases, with exceptions noted:
  • Traffic matches a Security policy rule with a URL category as match criteria. The rule enforces one of the following actions for the traffic: deny, drop, or reset (client, server, both).
    URL filtering logs are only generated when an action results from a URL category match. If you have Security policy rules with applications as match criteria, a URL can be blocked due to an application (App-ID) rather than a URL category match. This behavior depends on how packets in the session are parsed.
    For example, suppose you have a Security policy rule that blocks the social-networking category and another rule that blocks a specific social media application. Traffic to the social media website could result in a Security policy lookup that hits an App-ID rule instead of a URL filtering rule. In this case, a URL filtering log isn't generated.
  • Traffic matches a Security policy rule with a URL Filtering profile attached. Site Access for categories in the profile is set to alert, block, continue, or override.
By default, categories set to allow do not generate URL filtering log entries. The exception is if you configure log forwarding.
If you want the firewall to log traffic to categories that you allow but would like more visibility into, set Site Access for these categories to alert in your URL Filtering profiles.