Determine URL Filtering Policy Requirements
The recommended practice for deploying URL filtering in your organization is to first start with a passive URL filtering profile that will alert on most categories. After setting the alert action, you can then monitor user web activity for a few days to determine patterns in web traffic. After doing so, you can then make decisions on the websites and website categories that should be controlled.
In the procedure that follows, threat‑prone sites will be set to block and the other categories will be set to alert, which will cause all websites traffic to be logged. This may potentially create a large amount of log files, so it is best to do this for initial monitoring purposes to determine the types of websites your users are accessing. After determining the categories that your company approves of, those categories should then be set to allow, which will not generate logs. You can also reduce URL filtering logs by enabling the
Log container page onlyoption in the URL Filtering profile, so only the main page that matches the category will be logged, not subsequent pages/categories that may be loaded within the container page.
If you subscribe to third-party URL feeds and want to secure your users from emerging threats, see Use an External Dynamic List in a URL Filtering Profile.
- Create a new URL Filtering profile.
- SelectObjectsSecurity ProfilesURL Filtering.
- Select the default profile and then clickClone. The new profile will be nameddefault-1.
- Select thedefault-1profile and rename it. For example, rename it to URL-Monitoring.
- Configure the action for all categories toalert, except for threat‑prone categories, which should remain blocked.To select all items in the category list from a Windows system, click the first category, then hold down the shift key and click the last category—this will select all categories. Hold the control key (ctrl) down and click items that should be deselected. On a Mac, do the same using the shift and command keys. You could also just set all categories to alert and manually change the recommended categories back to block.
- In the section that lists all URL categories, select all categories.
- To the right of theActioncolumn heading, mouse over and select the down arrow and then selectSet Selected Actionsand choosealert.
- To ensure that you block access to threat-prone sites, select the following categories and then set the action toblock: abused-drugs, adult, gambling, hacking, malware. phishing, questionable, weapons.
- ClickOKto save the profile.
- Apply the URL Filtering profile to the security policy rule(s) that allows web traffic for users.
- Selectand select the appropriate security policy to modify it.PoliciesSecurity
- Select theActionstab and in theProfile Settingsection, click the drop-down forURL Filteringand select the new profile.
- ClickOKto save.
- Save the configuration.ClickCommit.
- View the URL filtering logs to determine all of the website categories that your users are accessing. In this example, some categories are set to block, so those categories will also appear in the logs.For information on viewing the logs and generating reports, see Monitor Web Activity.Select. A log entry will be created for any website that exists in the URL filtering database that is in a category that is set to any action other thanMonitorLogsURL Filteringallow.