Recommendations to limit the impact of changing the EWC URL database

The steps below serve to limit the impact of changing the EWC URL database, as described in the section Understanding the impact of changing the EWC URL database.

You are strongly advised to carry out these steps before updating the firewall to an SNS version that uses the new database. If the firewall has already been updated, go to the section Checking and adapting the security policy after the EWC URL database has been changed.

IMPORTANT
Before updating the firewall, we strongly recommend backing up the current configuration of your firewall so that you can restore it whenever necessary.

For every URL filter policy profile used:

1. Disable all rules with a Block action, excluding the rules under section "2 - Always block", which match your environment (see appendix Recommended URL/SSL filter profiles).
2. Create a rule with a Pass action applied to the Any URL category and placed in the last position of the URL filter profile.

For every SSL filter policy profile used:

1. Disable all rules with a Block without decrypting action, excluding the rules under section "2 - Always block", which match your environment (see appendix Recommended URL/SSL filter profiles).
2. Create a rule with a Pass without decrypting action applied to the Any URL category and placed in the last position of the SSL filter profile.

You can then proceed to update the firewall. The modified policy is not the optimal version but will not block commonly encountered and legitimate traffic for your users. Next, continue to the section Checking and adapting the security policy after the EWC URL database has been changed.