Virtual Secure Web Gateway

Hi Guys: Have you experience any problems trying to block specific URL (ex: www.facebook.com) using Blacklist entry on the SWG 8450. I'm trying to do some test, but unless i block the entire Category "Social Networks" it doesn't work for the blacklist. This SWG is on a test environment connected on Inline Mode. We're Partner and a customer is interested on the product and we want to fully understand this Product before making a Demo of it. When i try the test page (testwebgateway.com/test/bltest.htm) it comes normally. Maybe i'm not configuring as should be, but as far as i understand this product is cappable os blocking specific URL's. Please Help!

Moises,

You may not have a policy action configured for the Category you've assigned in the Blacklist.  If you take a look at the bottom of each Blacklist entry, there is a Severity & Category label you select for this particular entry.  The Action in the Policy for that Severity and/or Category is what drives whether or not that entry is blocked.  This allows for much more flexibility than a blanket Blacklist entry.

If you have any questions, please include a screenshot of your Blacklist entry and I will try to assist further.

SI

Here you have 2 Screen Shots. One for the Blacklist and another for the Policy applied.

We test Another way to block Specific URL.

On the policy configuration, at the bottom of the configuration file there is "Content Filter Exceptions". We added the specific URLs to block and it worked.
My concern is this:
What to say to the customer about how to block Specific URLs?
Should we tell - "Blacklist Entry" or "Content Filter Exceptions". We know that the documentation for this SWG says "Blacklist Entry", but in this case????
It's the Appliance? or Wrong Configuration? or Both?

Moises,

From your screenshots, it appears as though you have it configured properly from the Blacklist/Policy side.  *.facebook.com should be blocked from access for the IP addresses or AD Attributes in that policy.

In regards to your 2nd question - both methods work.  The Blacklist entry is a bit easier if you are managing mass exception lists for more than 1 group, since you can use one of the Custom Restricted lists and just select an action for that rather than adding or uploading a list per policy.  If the exception is more policy specific, it's easier just to add it to the bottom of the policy.

Thanks for confirming the configuration with the screenshots. Once again, our concern is:

Why isn't working the Specific URL blocking with Blacklist?

Do you think we should consider have the Appliance Repair or open a Case with Support Team?

Thanks in advance.

Hi Moises,

I've set my Blacklist policy up exactly the same as you have and it's actually working fine for me.  Any chance browser is caching on the client machine you are testing on?  Could you try from some other clients behind the Web Gateay as well?  I guess the other thing you want to conifrm is that the policy where you configured the Custom Restricted List to be blocked is indeed being applied here(we couldn't see this in the screenshots).  Also what could you see in the Custom Reports when you were testing this out?

If things still don't work out I'd say a Support case is the way to go and the guys should be able to figure out what's going on here.  By the way what version are you running?  I'm on 4.5.3.38(latest).

Cheers,

Kevin