URL filtering does not block traffic: how to troubleshoot?

2024-12-31 16:42:53 Published

Network Topology

Null

Problem Description

URL filtering is not working.

Process Analysis

URL filtering is not blocking traffic. Follow the steps below to troubleshoot:

Step 1: Check whether a license is installed on the device:

Check whether the URL Filtering license is in the in-use state via [System->License Config].

Step 2: Check whether the URL filtering signature library has been upgraded to the latest version via the [System->Upgrade Center->Signature Upgrade] page.

Step 3: Check whether the action in the referenced URL filtering policy has been changed to [drop]. Click to edit the referenced URL policy via [Objects->APP Security->URL Filtering->Profiles]. (If you don't know which URL category the blocked URL is in, you can first set the action of all categories to drop.)

Step 4: If you need to block HTTPS pages, you need to enable the Enable HTTPS URL filtering function. Click the referenced URL policy via [Objects->APP Security->URL Filtering->Profiles] and select Enable HTTPS URL filtering.

Step 5: Check whether the security policy references the URL filtering policy. Different VRFs have different security policies, so confirm which security policy the test traffic passes through and that it references the URL policy. Check which URL filtering policy is referenced via [Policies->Security Policies->Security Policies].

Step 6: Click the Activate button via [Objects->APP Security->Advanced Setting], then test again to see whether the URL is blocked.

If it still cannot be blocked, continue with the steps below:

If the traffic to be blocked uses the HTTPS protocol, check whether the device version is above Release 9660P51. Versions before Release 9660P51 do not support HTTPS Client Hello fragmentation, so upgrade the version if necessary. You can check the version information via [System->Maintenance->About->Version Info].
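The following added example (not code from the original case or from the device vendor) shows why a filter that inspects each packet on its own misses the host name when a Client Hello spans two TCP segments, and why buffering the segments fixes it. It assumes, which the case does not state, that HTTPS URL filtering matches on the SNI host name in the Client Hello; the function names, the host `blocked.example` and the sample record are constructed for illustration, and only the case of one TLS record split across TCP segments is covered.

```python
import struct

def build_client_hello(host, pad):
    """Constructed sample: one TLS record holding a ClientHello with padding, then SNI."""
    name = host.encode()
    sni = struct.pack("!HHHBH", 0, len(name) + 5, len(name) + 3, 0, len(name)) + name
    exts = struct.pack("!HH", 21, pad) + bytes(pad) + sni   # padding extension (type 21) first
    body = (b"\x03\x03" + bytes(32) + b"\x00"               # version, random, empty session id
            + b"\x00\x02\x13\x01" + b"\x01\x00"             # one cipher suite, null compression
            + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body      # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def extract_sni(data):
    """Return the SNI host name, or None if data is not one complete ClientHello record."""
    try:
        if data[0] != 0x16 or len(data) < 5 + struct.unpack("!H", data[3:5])[0]:
            return None                                     # not TLS handshake, or incomplete
        hs = data[5:]
        if hs[0] != 0x01:
            return None
        p = 4 + 2 + 32                                      # handshake header, version, random
        p += 1 + hs[p]                                      # session id
        p += 2 + struct.unpack("!H", hs[p:p + 2])[0]        # cipher suites
        p += 1 + hs[p]                                      # compression methods
        end = p + 2 + struct.unpack("!H", hs[p:p + 2])[0]   # end of the extensions block
        p += 2
        while p + 4 <= end:
            etype, elen = struct.unpack("!HH", hs[p:p + 4])
            if etype == 0:                                  # server_name extension
                nlen = struct.unpack("!H", hs[p + 7:p + 9])[0]
                return hs[p + 9:p + 9 + nlen].decode()
            p += 4 + elen
    except (IndexError, struct.error, UnicodeDecodeError):
        pass                                                # malformed input: treat as no SNI
    return None

def verdict(segments, blocked, reassemble):
    """Inspect TCP payloads in order; buffer them only when reassemble is True."""
    buf = b""
    for seg in segments:
        buf = buf + seg if reassemble else seg
        host = extract_sni(buf)
        if host is not None:
            return "drop" if host in blocked else "permit"
    return "permit"                                         # no host name seen, nothing to match

hello = build_client_hello("blocked.example", 1400)         # larger than one 1200-byte segment
segments = [hello[:1200], hello[1200:]]
print(verdict(segments, {"blocked.example"}, reassemble=False))
print(verdict(segments, {"blocked.example"}, reassemble=True))
```
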

If it still cannot be blocked after upgrading the version, the browser may have the QUIC protocol enabled. You can disable the QUIC protocol in the browser.

How to disable the QUIC protocol in the Chrome browser

Open the chrome://flags/#enable-quic page in the Chrome browser and set the Experimental QUIC protocol status to Disable.

How to disable the QUIC protocol in the Microsoft Edge browser

Open the edge://flags/#enable-quic page in the Microsoft Edge browser and set the Experimental QUIC protocol status to Disable.

Disabling the QUIC protocol has the following two limitations:

1) The QUIC protocol is based on UDP transmission. After QUIC is disabled, transmission is based on TCP, which may cause web pages to open more slowly.

2) Web pages that only support the QUIC protocol cannot be opened.

Solution

Refer to the process analysis above.
