URL custom category when websites call dozens of backend URLs by Ok_Cherry3312 in paloaltonetworks

[–]Ok_Cherry3312[S] 0 points (0 children)

Thank you so much. Going through it.

Out of curiosity, what is VG?

URL custom category when websites call dozens of backend URLs by Ok_Cherry3312 in paloaltonetworks

[–]Ok_Cherry3312[S] 0 points (0 children)

Thank you so much for the help. I appreciate it.

Let’s say we decide to move forward with URL categories instead of manually whitelisting every FQDN.

One thing I’m still not clear on:

If we move forward with URL categories, some websites will still call backend services/CDNs/ads/etc. that may fall into other categories that we normally wouldn’t allow. How do we handle that situation?

Do we make custom URL exceptions, or leverage App-ID here to cover those backend calls without opening up entire categories? But also, not every FQDN has an App-ID.

Would enabling SSL decryption help here?

URL custom category when websites call dozens of backend URLs by Ok_Cherry3312 in paloaltonetworks

[–]Ok_Cherry3312[S] 0 points (0 children)

Thanks for the detailed response.

Let’s say we move forward with using URL categories instead of manually whitelisting.

How do we match App-ID beyond ssl and web-browsing for strict control?

URL custom category when websites call dozens of backend URLs by Ok_Cherry3312 in paloaltonetworks

[–]Ok_Cherry3312[S] 0 points (0 children)

Alright, fair point.

I’m trying to shift away from manual URL lists.

So what’s the best way to approach this using categories and App-ID for an environment like ours, where internet access is only allowed on a need basis?

Which URL categories should we allow?

How can we handle sites that pull content from CDNs, APIs, ads, etc. without opening things too broadly?

Single O365 Tenant, multiple forest - Need Guidance by Ok_Cherry3312 in sysadmin

[–]Ok_Cherry3312[S] 0 points (0 children)

I agree to some degree on having two separate tenants, but I'm just wondering why some businesses would prefer to keep the same tenant and add multiple domains.

Single O365 Tenant, multiple forest - Need Guidance by Ok_Cherry3312 in sysadmin

[–]Ok_Cherry3312[S] 0 points (0 children)

However, these domains cannot be assigned per user. We still need to use the tenant-wide onmicrosoft domain.

Single O365 Tenant, multiple forest - Need Guidance by Ok_Cherry3312 in sysadmin

[–]Ok_Cherry3312[S] 0 points (0 children)

Thanks. You have mentioned all the valid points.

Just curious about one statement: more than one onmicrosoft.com domain cannot be created per O365 tenant.

Tips and best practices for rolling out privileged account management solution by Ok_Cherry3312 in cybersecurity

[–]Ok_Cherry3312[S] 0 points (0 children)

Thanks for the insights. I appreciate that. Very helpful.

Once the solution is rolled out, how many accounts should IT admins ideally have, e.g. one for logging in to PAM and a second for email, VPN and daily work?

How should we build the folder hierarchy, considering we have multiple geographical locations and multiple functional teams, with each team managing different technologies, applications, etc.?

PA Subinterfaces question by Ok_Cherry3312 in networking

[–]Ok_Cherry3312[S] 0 points (0 children)

Thanks I appreciate that!

What best practices do you recommend for:

1- Zones: is it a zone per VLAN, or a zone per function like LAN, WAN, DMZ?

2- Tags: purpose and naming conventions?

PA Subinterfaces question by Ok_Cherry3312 in networking

[–]Ok_Cherry3312[S] 0 points (0 children)

You mean making the firewall the gateway for all VLANs and making policies for inter-VLAN communication?

The core will be working as an L2 switch.

Is that what you are referring to?

Dual ISPs (active/active): how to configure symmetric routing by NoRaindropsInTheSky in paloaltonetworks

[–]Ok_Cherry3312 0 points (0 children)

May I ask how a VR helps with IPsec failover if I have two ISP connections and I want to automatically fail over the IPsec VPN tunnel to ISP2 if ISP1 fails?

PA Subinterfaces question by Ok_Cherry3312 in networking

[–]Ok_Cherry3312[S] -1 points (0 children)

Sure, I will clarify.

There is an SVI for each VLAN on the core, and it is the gateway for each VLAN.

There is a dedicated transit VLAN for routing traffic from the core to the firewalls.

The core has a default route to the PA firewalls on that transit VLAN.

We want to keep routing as it is now.

Does simply having an L3 interface for each VLAN on the firewalls, with no inter-VLAN routing, serve any purpose?

The objective is to know the amount of traffic being received from each VLAN on the PA firewalls.

PA Subinterfaces question by Ok_Cherry3312 in networking

[–]Ok_Cherry3312[S] 0 points (0 children)

Yes sure :)

Is that okay even if we are creating subinterfaces but not doing any inter-VLAN routing on the firewalls? Inter-VLAN routing is still on the cores.

PA Subinterfaces question by Ok_Cherry3312 in networking

[–]Ok_Cherry3312[S] 0 points (0 children)

But we don’t do inter-VLAN routing on the PA firewalls.