Firstly, check if the network is normal or not, after confirmed, the ping can reach the internet, and at the same time can reach the internal network. So the network seems like is normal.
And then, check if there are some incorrect points in the configuration. After checked, I find that the default action of url-policy was configured as block
, as following:
If the url-policy was configured like this, all the URLs will be blocked by the default action except the ones which in the blacklist. So if only want to block the URLs which in the blacklist, need to configure the default action as permit