To enforce web filtering policies, add URL Filter objects to the application rules as an additional matching criteria or as a policy object. When the application rule matches, the website URL is compared with the on-device cache or online Barracuda URL category database. Once classified, the policy set for this URL category is executed. A valid Energize Updates subscription is required for URL Filtering in the Firewall service.
Before You Begin
Create URL Filter Policy Objects and URL Filter Match Objects as needed. For more information, see How to Create a URL Filter Policy Object and How to Create a URL Filter Match Object.
Step 1. Enable URL Categorization
You must enable the URL Filter to be able to process URL categorization requests. To change additional settings for the URL Filter service, see the Application Detection section in General Firewall Configuration.
Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > Firewall > Security Policy.
Click Lock
In the URL Filter section, expand the Enable URL Filter in the Firewall drop-down list and enable URL filtering.
Click Send Changes and Activate.
The Barracuda URL Filter is now enabled and can handle URL categorization requests.
Step 2. Enable URL Filter for the Access Rule Handling Web Traffic
Enable Application Control, SSL Inspection (optional), and URL Filter for the access rule matching web traffic.
Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > Firewall > Forwarding Rules.
Double-click to edit the access rule matching HTTP and HTTPS traffic.
Click on the Application Policy link and select:
Application Control – required.
SSL Inspection – optional. If configured, select a policy from the SSL Inspection Policy drop-down list. For more information, see TLS Inspection in the Firewall.
URL Filter – required.
Click OK.
Click Send Changes and Activate.
Step 3. Create an Application Rule Using URL Filter Objects
Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > Firewall > Forwarding Rules.
In the left menu, click Application Rules.
Click Lock.
Create a PASS application rule. For more information, see How to Create an Application Rule.
Source – Select the same source used in the matching access rule.
Application – Select Any to use only the web filtering. Otherwise, select an application object from the drop-down list to combine application control and URL filtering.
Destination – Select the same destination used in the matching access rule.
Set at least one URL Filter object for the application rule:
Select a URL Filter Policy Object from the URL Filter Policy drop-down list.
Select a URL Filter Match Object from the URL Filter Matching drop-down list.
Click OK.
Click Send Changes and Activate.
Rules are evaluated from top to bottom. Only the policy set in the first matching PASS rule that has URL Filter enabled is executed.
Monitoring URL Filtering in the Firewall
You can either check individual connections to see which policies are applied in the FIREWALL > Live View or see a summary of all Application traffic in the FIREWALL > Firewall Monitor.
Firewall Live View
Go to FIREWALL > Live View and add the URL Category column to see the matching access and application rule, and the detected URL Filter category.
Firewall Monitor
Go to FIREWALL > Monitor to receive a summary of all application and web traffic that matches Application Control-enabled access rules. Click on the links in the individual elements to apply filters to the monitor. Click the filter icon in the taskbar to see only specific URL Filter policies.
