The recommended practice for deploying URL
filtering in your organization is to first start with a passive
URL filtering profile that will alert on most categories. After setting
the alert action, you can then monitor user web activity for a few
days to determine patterns in web traffic. After doing so, you can
then make decisions on the websites and website categories that should
In the procedure that follows, threat‑prone
sites will be set to block and the other categories will be set
to alert, which will cause all websites traffic to be logged. This
may potentially create a large amount of log files, so it is best
to do this for initial monitoring purposes to determine the types
of websites your users are accessing. After determining the categories
that your company approves of, those categories should then be set
to allow, which will not generate logs. You can also reduce URL
filtering logs by enabling the
Log container page only
in the URL Filtering profile, so only the main page that matches
the category will be logged, not subsequent pages/categories that
may be loaded within the container page.
and rename it. For example, rename it to URL-Monitoring.
Configure the action for all categories to
except for threat‑prone categories, which should remain blocked.
To select all items in the category
list from a Windows system, click the first category, then hold
down the shift key and click the last category—this will select
all categories. Hold the control key (ctrl) down and click items
that should be deselected. On a Mac, do the same using the shift
and command keys. You could also just set all categories to alert
and manually change the recommended categories back to block.
In the section that lists all URL categories,
select all categories.
To the right of the
mouse over and select the down arrow and then select
To ensure that you block access to threat-prone sites,
select the following categories and then set the action to
Apply the URL Filtering profile to the security policy
rule(s) that allows web traffic for users.
and select the appropriate
security policy to modify it.
section, click the
and select the
Save the configuration.
View the URL filtering logs to determine all of the website
categories that your users are accessing. In this example, some
categories are set to block, so those categories will also appear
in the logs.