Create a Standalone FQDN Filter Profile

Use the following procedure to create a standalone FQDN filter profile:

Procedure

Step 1

Navigate to Policies > Profiles > FQDN Filtering.

Step 2

Click Create.

Step 3

Provide a unique Name.

Step 4

(Optional) Enter a Description. This may help differentiate between profiles with a similar name.

Step 5

Specify the Type as Standalone.

Step 6

Click Add to create a new row.

Step 7

Specify individual FQDNs (for example, google.com).

  1. Each FQDN is specified as a PCRE (Perl Compatible Regular Expression).

  2. Consider escaping the "." character else it will be treated as a single character wildcard.

Step 8

Specify a Category (for example, Gambling, Sports, Social Networking).

Step 9

Specify the policy Action for the user-specified FQDNs/Categories, Uncategorized and ANY rows.

  • Allow Log - Allow the requests and log an event.

  • Allow No Log - Allow the requests and do not log an event.

  • Deny Log - Deny the requests and log an event.

  • Deny No Log - Deny the requests and do not log an event.

Step 10

(Optional) Specify Decryption Exception for any FQDNs where decryption is not desired or possible. Possible reasons for considering decryption exception include:

  • Desire to not inspect encrypted traffic (for example, financial services, defense, health care, etc.).

  • SSO authentication traffic where decryption is not possible.

  • NTLM traffic that cannot be proxied.

Step 11

Click Save when completed.

What to do next

Attach the profile to a policy rule set. See Rule Sets and Rule Set Groups for more information.