User enabled url function and predefine the policy of url classification. After configuring DNS resolution, it was failed to upgrade the policy. Checked the status of url upgrading is as follow:
[USG2210]dis sec ser
Security server : sec.huaweisymantec.com
URL Filter Connection State : 1(0-Disconnected 1-Connecting 2-Connected)
1. On usg, user can ping the domain name “sec.huaweisymantec.com and access”. It showed that domain name resolution and connection of upgrade address are no problem.
2. Enabled debugging url-filter and checked the log. Found that it can’t connect with the remote port 8890 of “sec.huaweisymantec.com”
3. Checked the link of carrier, port 8890 didn’t be blocked. It’s something wrong at the port of “sec.huaweisymantec.com”
4. Contacted the person in charge of the website “sec.huaweisymantec.com” to solve the problem. The port was no problem, so that policy of url classification upgraded successfully.
1. Domain name resolution problem
2. The limit of packet filtering.