FAQ- How to check the full URL string in URL logs on the NGFW

Publication Date:  2016-05-25 Views:  426 Downloads:  0
Issue Description

URL filtering is configured on the firewall we have the possibility to check  on the web interface at  Monitor > Log > URL Log the statistics recorded on requested URLs. We can view URL logs to check why access to some URLs is allowed, blocked or allowed with an alert record.

In the situation where the URL string has a large number of characters, a portion of the string will be concealed by the following characters "/.../"   which will not allow the possibility of querying  the entire address.



Solution

To check the entire URL string of the filtered URLs is to create an audit account and to configure audit policies in order to check the url access. The audit account has the possibility to check the entire URL string in the audit logs.

Note:  To benefit of the Audit feature the Content security function must be enabled by license

Configuration example:


Configuring the Audit Profile

Procedure

 

1.      Choose Object > Audit Configuration.

2.     Click Add.

3.     Create an audit profile using the following parameters





 Configuring an Audit Policy

Procedure

1.     Choose Policy > Audit Policy.

2.     Click Add.

3.     Set the name and description of the audit policy.



 


After the configuration is completed,  and you login with the audit account , you will be able to  view the full URL string of the filtered URLs in the Audit logs

END