07 October 2010

TMG non-primary URL filtering categorization Walkthrough

As part of

One of the new features that has been added is:

Including non-primary URL filtering categorizations. Forefront TMG uses an algorithm to select a URL’s “primary” category from among up to four categorizations provided by Microsoft Reputation Services (MRS). In Update 1 you can control access to sites that match any of the non-primary categorizations provided by MRS. For example, a URL with a primary categorization of News can now match a rule by any of its non-primary categorizations (such as Web Mail).
Documentation on this has been a little thin so hopefully this will help someone out there.

If we look at the Pre-software update environment and lookup a URL category we only get one match for www.yahoo.com

If you look at the Deny rule that is added in the "web access policy" we can deny access to the various categories.


So what do we get from Software Update 1 ?

When we do a category lookup we now see that multiple categories are listed.

Now there need to be a mechanism to turn non primary category filtering on or off.  When looking at the Deny Rule for the "web access policy categorizations" 

So my test is now going to be to access www.yahoo.com with non primary filtering turned on and off.  I am only filtering portal sites which was listed as a non primary category for that URL.

With it un checked we can see the Yahoo page



But when we check it then it blocks the request by the non primary url category

If you want to disply the category information on the Access Denied page you need to set it opn the deny rule.

Click advanced and check the "Add denied request catagory to notification. This option is only available when URL filtering is enabled" check box.


Conclusion
The ability to block sites by up to four category matches is a very powerful feature.  It is great that it has been added to TMG.  Since the implementation of this is on a rule level, you can selectively apply this to certain users only if you wish to do so.

No comments:

Post a Comment