ZIA Logs - Rule Name: None

I’m attempting to troubleshoot why some URLs are being allowed although the categories they reside under are explicitly blocked in a URL filtering policy. Under rule name, it’s listed as “None”

  1. SSL Inspection is not being enforced, but under SSL Inspection settings, the category is blocked.
  2. URLs are not excluded by default under a cloud app nor are they whitelisted under a custom URL category, authentication policy, nor security policy.

Any idea why it shows as “none” under rule name in the logs or why they are not going through the URL filtering policies?

Is it because SSL inspection is not enabled, and the websites are HTTP?

Hi Mark,
Today we do not log the rule name/type for allowed traffic as there are many policy and security items that can ‘allow’ the traffic, as this is allowed traffic, its why you are seeing None in the rule name.

As for why the traffic is being allowed when you intent is to block, this could be for a number of reasons, including the lack of SSL inspection. Our support team is best positioned to help you with this, they can work with you on tracing why the traffic is allowed and recommending the best policy construct. So you have an ticket open for the same issue?

Cheers,
@skottieb