hrahuman_FTNT
Article Id 222036
Description

This article describes how to block the Gmail domain while allowing a specific Gmail URI in FortiProxy.

Scope

FortiProxy.

Solution

Use the configuration below to allow a single URI (/business) and block the rest of the domain (gmail.com).

 

Create proxy addresses as below:


# config firewall proxy-address
    edit "gmail-domain"
        set type host-regex
        set host-regex "gmail.com"    <-- Domain gmail.com
    next
    edit "gmail-sub"
        set host "gmail-domain"
        set path "/business"          <-- URI gmail.com/business
    next
end

 

Create the accept policy for the allowed URI:

 

# config firewall policy
    edit 1
        set type explicit-web
        set name "ACCEPT-POLICY"
        set dstintf "any"
        set srcaddr "all"
        set dstaddr "gmail-sub"       <-- Gmail URI
        set action accept
        set schedule "always"
        set service "webproxy"
        set explicit-web-proxy "web-proxy"
        set logtraffic all
        set log-http-transaction enable
        set comments " (Copy of Test)"
        set ssl-ssh-profile "test"    <-- Deep inspection
    next

 

Create the deny policy for the Gmail domain:


    edit 4
        set type explicit-web
        set name "DENY-POLICY"
        set dstintf "any"
        set srcaddr "all"
        set dstaddr "gmail-domain"    <-- Gmail domain
        set schedule "always"
        set service "webproxy"
        set explicit-web-proxy "web-proxy"
        set logtraffic all
        set ssl-ssh-profile "test"    <-- Deep inspection
    next
end

 

Note: The order of the firewall policies is crucial.

The accept policy (allowing the URI) must always be placed above the deny policy (denying the complete domain), because policies are evaluated from top to bottom and the first matching policy is applied.
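
The ordering rule in the note can be checked with a small first-match model of the two policies. This is an added example, not Fortinet code or part of the original article; the matching semantics (regex searched in the host name, path matched from the start of the request path) and the final "implicit-deny" fallback name are simplifying assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed model of the article's proxy addresses (not FortiProxy code).
ADDRESSES = {
    "gmail-domain": {"host_regex": "gmail.com"},
    "gmail-sub": {"host": "gmail-domain", "path": "/business"},
}
# The article's two policies, reduced to the fields that decide the match.
ACCEPT = {"name": "ACCEPT-POLICY", "dstaddr": "gmail-sub", "action": "accept"}
DENY = {"name": "DENY-POLICY", "dstaddr": "gmail-domain", "action": "deny"}


def address_matches(name, url):
    """Return True if the URL falls under the named proxy address."""
    parts = urlsplit(url)
    addr = ADDRESSES[name]
    if "host_regex" in addr:
        # Assumption: the regex is searched for anywhere in the host name.
        return re.search(addr["host_regex"], parts.hostname or "") is not None
    # Assumption: the referenced host object must match and the configured
    # path is matched from the start of the request path.
    host_ok = address_matches(addr["host"], url)
    return host_ok and re.match(addr["path"], parts.path or "/") is not None


def evaluate(policies, url):
    """First-match evaluation: return (policy name, action) for the URL."""
    for policy in policies:
        if address_matches(policy["dstaddr"], url):
            return policy["name"], policy["action"]
    return "implicit-deny", "deny"  # nothing matched


if __name__ == "__main__":
    for order in ([ACCEPT, DENY], [DENY, ACCEPT]):
        print([p["name"] for p in order])
        for url in ("https://gmail.com/business", "https://gmail.com/mail"):
            print("  ", url, "->", evaluate(order, url))
```

With the deny policy placed first, the /business request matches "gmail-domain" before the accept policy is ever reached, so the exception never takes effect.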
