Eudemon1000E example for URL filter

Publication Date:  2013-07-29 Views:  284 Downloads:  0
Issue Description
Customer want to use URL filtering,we provide the config example.
[Eudemon] url-filter enable
[Eudemon] http-access notification text Sorry,You are not authorized to access the URL!
[Eudemon] pattern-group xxx type url
[Eudemon-pattern-group-url-xxx] pattern any xxx.com
[Eudemon-pattern-group-url-xxx] quit
[Eudemon] url-filter policy urlpolicy1
[Eudemon-urlfilter-policy-urlpolicy1] blacklist enable
[Eudemon-urlfilter-policy-urlpolicy1] whitelist enable
[Eudemon-urlfilter-policy-urlpolicy1] blacklist group xxx
[Eudemon-urlfilter-policy-urlpolicy1] quit
[Eudemon] web-filter policy webpolicy1
[Eudemon-web-filter-policy-webpolicy1] policy url-filter urlpolicy1
[Eudemon-web-filter-policy-webpolicy1] quit
[Eudemon] policy interzone trust untrust outbound
[Eudemon-policy-interzone-trust-untrust-outbound] policy 1
[Eudemon-policy-interzone-trust-untrust-outbound-1] action permit
[Eudemon-policy-interzone-trust-untrust-outbound-1] policy source range 10.10.10.10 10.10.10.100
[Eudemon-policy-interzone-trust-untrust-outbound-1] policy time-range time1
[Eudemon-policy-interzone-trust-untrust-outbound-1] policy web-filter webpolicy1
[Eudemon-policy-interzone-trust-untrust-outbound-1] quit

But after they type it in the firewall. URL filtering did not t work here as well while testing.
Alarm Information
The url like www.cnn.com/ can be viewed, URL filtering  did not work.
Handling Process
Use command 1、 dis policy interzone  trust  untrust  outbound   2、 display url-filter stat    
see the detail.

Fault reason:
1.We found that cutomer missed the command
pattern configure commit

2.They  add new rules to steer clear of the  URL filtering rules.
#
policy interzone trust untrust outbound
policy 49
description deny
  action deny
  policy destination 103.21.236.0 0.0.3.255

policy 50
description permission-untrust-trust-common
  action permit
  policy dpi network_control


policy 51
description deny
  action deny
  policy destination 184.168.221.24 0.0.0.0

 policy 5
  action permit
  policy time-range time1
  policy source 103.245.178.0 0.0.1.255
  policy web-filter webpolicy1
Root Cause
Use command 1、 dis policy interzone  trust  untrust  outbound   2、 display url-filter stat    
see the details.

Suggestions
We must commit pattern  rules which is often missed by the URL filtering new users.

Be careful and switch the policy rule orders.

END