Note: It is assumed that SSL deep inspection is enabled on the firewall. If SSL deep inspect is not enabled, the below is only valid for http traffic
If you are encountering an "Access Denied" popup when attempting to access a URL on a GajShield firewall, it could be due to the firewall's URL filtering feature. The URL filtering feature allows administrators to block or allow access to specific URLs based on policies set on the firewall.
If the URL you are trying to access is blocked, you will see an "Access Denied" popup. The reason for the block and the policy that caused the block should be listed in the popup.
As an administrator you can also do the following to investigate further
siteblocklog -f <System_IP>
System_IP : IP address from where the end user is browsing the blocked site
For example: To check URLs that are getting blocked for the IP address 192.168.2.66, run the following comand
siteblocklog -f 192.168.2.66
It will provide you the blocked sites for 192.168.2.66 and the reason why these URLs is being blocked.
Diagnosis -> URL Filter -> URL Filter Check
Enter the username/IP address along with the URL you would like to inspect.
It will provide you the rule that matches the above combination.
To resolve this issue, you can
Modify the URL filtering policy to allow access to the URL through the GajShield web management interface.
It is important to note that URL filtering is a security feature and should only be modified if necessary.