Forefront TMG Update 1: Multiple URL Categories by diTii


									Configuring multiple categories
There is a checkbox in the designated property page, called "For URL filtering, apply to non-primary
categorizations". When checked, all categories returned for the queried URL will be considered by the
appropriate policy element during policy evaluation.

Note: The default configuration for these elements is to apply the primary category only (as in previous


For example, assume that the URL is categorized by MRS as Alcohol, Streaming
Media and News:

The exclamation mark icon indicates the category that Forefront TMG has determined as the primary
category, and the check mark icons indicate the non-primary categorizations.

Assume also that we have a rule denying access to Alcohol, News and Streaming media URL categories.
Now let's see how the rule engine outcome changes according to the new functionality and different
categories in the list:
URL Categories in a rule           Is non-primary categorization       Will the rule match?
                                   enable enabled?
Alcohol                            Both Yes and No (Alcohol is the Yes
                                   primary category and isn't affected
                                   by the new functionality)
News                               No                                  No
News                               Yes                                 Yes (Logged as News)
Streaming Media and News           Yes                                 Yes (Logged as Streaming Media)
Alcohol and Streaming Media         Yes                                   Yes (Logged as Alcohol)

Each Forefront TMG element dealing with multiple categories may match a different category. For
example, if destination exceptions in malware inspection contain News category and exceptions in HTTPS
outbound inspection contain Streaming Media category, a request to would both be
excluded from malware inspection and HTTPS outbound inspection.

Logging and Reporting

When you include non-primary categorizations, there is an effect on logging and reporting. Instead of
logging the primary category, Forefront TMG logs the category that appears in both matched rule and
MRS result that has the highest place in the precedence list. For example, if the matched rule contains a list
of categories including News, Sports and Travel categories and the requested URL was categorized as
News, Travel and Chat, the logged category would be the most significant of News and Travel (which is
Travel). Reporting utilizes logged categories, so according to multiple categories configuration state,
reported categories may vary for the same traffic logged with or without non-primary categorizations.

URL categories applied to malware inspection and HTTPS outbound inspection aren't logged.

To top