Sevro_Wolf
New Member
January 3, 2025
Question

CDN Hosted Web Traffic Hitting Implicit Deny.

  • 2120 views

I have a lot of user web traffic that is ultimately hitting the implicit deny because instead of matching the general 80/443 web rule we have in place with the appropriate UTM, it is hitting the implicit deny. The commonality with all of this traffic is that rather than being seen as SSL or web browser application traffic it is being seen as a CDN application (Akamai, Fastly, AWS, etc.).

I'm trying to determine what would be the best way to handle it. I thought about creating a clone of the standard web browsing rule and making it specific with CDN applications, but in the logs they all report as "unscanned" sites and I don't think the web filtering would work in those cases, which I fear would leave some holes I don't want.

Was hoping someone else has dealt with this, or something similar, and had a course of action they took.

Thanks!

2 replies

AEK
SuperUser
January 4, 2025

Did you try using ISDB as destination?

AEK
dingjerry_FTNT
Staff
January 4, 2025

CDN entries in ISDB:

[Image: dingjerry_FTNT_0-1735983429612.png]

Sevro_Wolf
New Member
January 6, 2025

This seems like a good option, but I just want to confirm: will ISDB-based policies also apply the web filtering, application control, and other UTM features?

dingjerry_FTNT
Staff
January 6, 2025

Hi @Sevro_Wolf,

No. You can create a new firewall policy above the current one using any UTM features.

The new firewall policy uses the ISDB object as the destination and you may apply either Allow or Deny action for it.