
Web Filters prompting for authentication (if DNS does not resolve?)

I have a new XG implemented as a replacement of an SG. One of the features I was most looking forward to reimplementing was web filtering - primarily for control of ads, malware and spam URLs etc.

I have the XG default web browsing policy configured at the bottom of my firewall policy list. In it, I have made a couple of minor changes - basically adding a trusted download site list for http-based downloads for a group of users.

If I (re)apply this web policy to the (last) firewall rule "#Default_Network_Policy" - which I haven't yet renamed - and then I browse to a website that has links to something like addthis.com (which isn't resolving - and this may be the key to this puzzle?) I get authentication prompts for the site's URLs. No other web policies are applied to any firewall rules.

For example:

http://s7.addthis.com/static/sh.7a295a410262af12dfaaa96a.html

attempts to load some JSON from

http://m.addthis.com/live/red_lojson/100eng.json?REDACTED

which pushes me to

XGIPADDRESS:8091/ntlmauth.html

As I type this, 1m.addthis.com is not resolving:

So first ... is my hypothesis right, does web filtering throw to authentication if DNS doesn't resolve? Can I stop that? Or have I screwed something up?



  • Go to Authentication, Services, and at the bottom change "Prompt unauthenticated users to log in" to No.

     

    At issue is that some people have a policy that says... anyone unauthenticated can visit some sites, but only the IT department can visit Shopping sites, everyone else is blocked. So you can browse around unauthenticated, but as soon as you go to a shopping site it says "I need to know who you really are before I know if you are blocked."

    If you are using NTLM, it tries to do an NTLM login (which is what appears to be happening in your case), and after it knows the user it will give you a block page.

    If you are not using NTLM, it will display a block page with a hyperlink to the captive portal.

  • I also have the same case: when accessing via the Sophos proxy, the NTLM authentication page appears after 5-10 minutes.