Knowledge Base Article

URL - Category over-ride not taking effect?

Is your URL category over-ride not taking effect?

When configuring firewall rules by domain you do not need to specify the subdomains.  Firewall rules will even cover the subdomains if you specify a Top Level Domain e.g. "uk" would cover all the subdomains such as bbc.co.uk). This is not the case when using domains to override a category though!

Category over-ride from CMA for an domain / FQDN applies just to the that domain or FQDN. Any subdomains must be specified with its own FQDN.

E.g. over-riding category for http://catonetworks.com to a category of your choice does not change the category for http://www.catonetworks.com

Hope you find this helpful. 

Thanks Nath​  based on your comment I have added following article that shows how to add a custom app to get around having to override individual domains.

Add the custom app in a rule and place it above the rule that blocks the traffic.

https://support.catonetworks.com/hc/en-us/articles/4413265662993-Working-with-Custom-Apps

Reference Article:

https://connect.catonetworks.com/kb/cato-cloud-best-practices/how-to-block-a-tld-top-level-domain-or-a-specific-country/374

Updated 13 hours ago
Version 8.0
enablement
getting started
SWG

2 Comments

  • Nath's avatar
    Nath
    Icon for Staying Involved rankStaying Involved
    18 hours ago

    We noticed this same behaviour and is one of the reasons we don't make use of the category over-ride feature.  Instead we add the domain into a custom category which is permitted in the firewall policy above the rule causing the blocking.

  • CATOM's avatar
    CATOM
    Icon for Cato Employee rankCato Employee
    14 hours ago

    That's an excellent suggestion. Referenced article on how to create custom app in the article.