The URL filter function didn’t work after configuration following the product document

Publication Date:  2013-07-30 Views:  326 Downloads:  0
Issue Description
A customer wanted to use the URL-filter feature of Eudemon1000E-X3. After he got a test license and configured the Eudemon1000E-X according the product document, he told to us that the URL-filter didn’t work. The topology is as follows.

The customer wanted to block the cnn.com and bbc.com, but after configuration, he can still access these two website.
In the configuration file, the configuration  related URL filter is as following.
#
pattern-group block_url type url
pattern any cnn.com
pattern exact cnn.com/
pattern exact www.cnn.com/
pattern any bbc.com
pattern any bbc.com/
#
url-filter policy urlpolicy1
blacklist group block_url
#
#
web-filter policy webpolicy1
policy url-filter urlpolicy1
#

policy interzone trust untrust outbound
policy 35
  action permit
  policy time-range time1
  policy source 192.168.0.0 0.0.0.255
  policy web-filter webpolicy1
#   
Alarm Information
none
Handling Process
1. From the current configuration that is shown by the command display current-configuration, we can’t see anything wrong. So we need to do more checked .Execute the commad display license, we found that no license is enabled:
<ABIR_EU1000E-X3-DPI>dis license
16:26:15  2013/07/29
Device ESN is: 210235G6JAZ0C8000085
The file activated is: hda1:/LICON00007330-AFE3FD3D69E_Eudemon1000EX.dat
The time when activated is: 2013/07/24  20:12:50
IPS        : Disabled

Anti Virus : Disabled

Anti Spam  : Disabled

Pre-defined URL category query : Disabled

From the product document, we notice that “The URL pre-defined category query service function is controlled by licenses. When the license expires, the URL pre-defined category query service function cannot be used.” In this issue, we haven’t used the URL pre-defined category but only blacklist, so the license problem is not the cause.

2.  From the history command, we saw that the url-filter is enabled.
07/24/2013 20:37:48  vt0   103.245.xxx.xxx admin                             
  Cmd:url-filter enable

3. From the history command, we didn’t find the this command “pattern configure commit”.  After the customer configured this command, the URL-filter worked. Then we checked the product document, we found that in the example the customer referenced the command “pattern configure commit” was missing. It’s a tiny mistake in the product document. Here the information of the product document is as follows:
Eudemon1000E-X Product Documentation Product
Version: V300R001
Library Version: 05
Date: 5/8/2013
Root Cause
1. The URL license is not exist or is not enabled.
2. The URL filter function is not enabled..
3. The configuration is not commited.
Suggestions
When configuring URL filter, after a pattern group is created or modified, you need to run this command to submit the configuration.
In the product document, the following content is mentioned “Using the pattern configure commit command, you can submit the configuration of a pattern group. A pattern group takes effect only after its configuration is submitted”.
There may be some mistakes in the product document. So when we configure a Eudemon firewall following a product document, we need to know the principle of the feature and some troubleshoot method.

END