It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

How to Configure URL Filtering in the Firewall

  • Last updated on

To enforce web filtering policies, add URL Filter objects to the application rules as an additional matching criteria or as a policy object. When the application rule matches, the website URL is compared with the on-device cache or online Barracuda URL category database. Once classified, the policy set for this URL category is executed. A valid Energize Updates subscription is required for URL Filtering in the Firewall service.

With Barracuda CloudGen Firewall version 8.3.0, a new feature 'Policy Profiles' has been implemented. Policy profiles are centrally managed, (pre-)defined rules for handling network traffic and applications. Instead of configuring URL filtering using firewall objects, you can also switch from the application ruleset to the Policy Profiles view and configure URL filtering policies. For more information, see Policy Profiles and How to Create URL Filtering Policies.

url_filtering.png

Before You Begin

Create URL Filter Policy Objects and URL Filter Match Objects as needed. For more information, see How to Create a URL Filter Policy Object and How to Create a URL Filter Match Object.

Step 1. Enable URL Categorization

You must enable the URL Filter to be able to process URL categorization requests. To change additional settings for the URL Filter service, see the Application Detection section in General Firewall Configuration.

  1. Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > Firewall > Security Policy.

  2. Click Lock

  3. In the URL Filter section, expand the Enable URL Filter in the Firewall drop-down list and enable URL filtering.

url_auto.png

When set to Auto, the CloudGen Firewall will check for certificates and automatically enable URL categories as soon as a valid license is detected.

  1. Click Send Changes and Activate.

The Barracuda URL Filter is now enabled and can handle URL categorization requests.

Step 2. Enable URL Filter for the Access Rule Handling Web Traffic

Enable Application Control, SSL Inspection (optional), and URL Filter for the access rule matching web traffic.

  1. Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > Firewall > Forwarding Rules.

  2. Double-click to edit the access rule matching HTTP and HTTPS traffic.

  3. Click on the Application Policy link and select:

    • Application Control – required.

    • SSL Inspection – optional. If configured, select a policy from the SSL Inspection Policy drop-down list. For more information, see TLS Inspection in the Firewall.

    • URL Filter – required.

conf_wf_firewall_03.png
  1. Click OK

  2. Click Send Changes and Activate.

Step 3. Create an Application Rule Using URL Filter Objects

  1. Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > Firewall > Forwarding Rules.

  2. In the left menu, click Application Rules.

  3. Click Lock.  

  4. Create a PASS application rule. For more information, see How to Create an Application Rule

    • Source – Select the same source used in the matching access rule.

    • Application – Select Any to use only the web filtering. Otherwise, select an application object from the drop-down list to combine application control and URL filtering.

    • Destination – Select the same destination used in the matching access rule.

  5. Set at least one URL Filter object for the application rule:

    • Select a URL Filter Policy Object from the URL Filter Policy drop-down list. 

    • Select a URL Filter Match Object from the URL Filter Matching drop-down list.

conf_wf_firewall_04.png
  1. Click OK.

  2. Click Send Changes and Activate.

Rules are evaluated from top to bottom. Only the policy set in the first matching PASS rule that has URL Filter enabled is executed.

Monitoring URL Filtering in the Firewall

You can either check individual connections to see which policies are applied in the FIREWALL > Live View or see a summary of all Application traffic in the FIREWALL > Firewall Monitor.  

Firewall Live View

Go to FIREWALL > Live View and add the URL Category column to see the matching access and application rule, and the detected URL Filter category.

conf_wf_firewall_05a.png
Firewall Monitor

Go to FIREWALL > Monitor to receive a summary of all application and web traffic that matches Application Control-enabled access rules. Click on the links in the individual elements to apply filters to the monitor. Click the filter icon in the taskbar to see only specific URL Filter policies.

firewall_monitor.png