NGAF 8.0.x: Best practice to whitelist a specific HTTPS URL (yuminutrition.com) without bypassing global web filtering

Newbie740788 Lv1Posted 2026-Jul-15 23:08

Hi everyone,

We are currently running Sangfor NGAF (v8.0.47) as our primary perimeter firewall.

Currently, we have a strict URL and content filtering policy applied to our LAN users that blocks general categories like "Shopping", "Entertainment", and "Leisure" to preserve bandwidth and maintain productivity.

However, our HR department has requested exception access to a specific external vendor website: https://yuminutrition.com (which we use to coordinate corporate wellness packages and staff nutritional supplements). Because this site is classified under the "Shopping" category, it is currently blocked by our default LAN web filtering policy.

I want to allow access to this specific URL (https://yuminutrition.com) and its sub-assets for all LAN users without whitelisting their entire LAN IP (which would bypass all our security policies, and we want to avoid that backdoor risk) and without unblocking the entire "Shopping" category.

Could you please guide me on the correct administrative steps in NGAF to achieve this?

Is this the correct workflow?
1. Go to Objects > Content Identification Database > URL Database and add "yuminutrition.com" as a custom URL/domain.
2. Go to Objects > Security Object Template > Content Security > URL Filtering and add this newly created custom URL to the Whitelist/Allow template.
3. In Policies > Network Security > Policies, make sure this template is applied to our LAN internet access policy.

Will this be enough to bypass the "Shopping" block category, or do I also need to configure SSL Decryption bypass for this domain under decryption policies so NGAF can inspect the traffic over HTTPS properly?

Any help or step-by-step guidance would be greatly appreciated!

Thanks in advance.

By solving this question, you may help 1001 user(s).

Posting a reply earns you 2 coins. An accepted reply earns you 20 coins and another 10 coins for replying within 10 minutes. (Expired) What is Coin?

Enter your mobile phone number and company name for better service. Go

Moneeb Lv3Posted 2026-Jul-16 12:44
  
Yes, it will be enough although I have added some more details in your steps

1. Go to Objects > Content Identification Database > URL Category and add "yuminutrition.com" as a custom URL/domain.
2. Go to Objects > Security Policy Template > Content Security and click on Add then check the URL Filter and uncheck all other options then add this newly created custom URL to the Whitelist/Allow template.
3. In Policies > Network Security > Policies, select internet access scenario template and LAN as your source and Internet as your destination then on the next page select the URL filter under content security option and then process to next page and finish.
Humayun Ahmed Lv4Posted 2026-Jul-16 12:18
  
If you're using Content Security → URL Filtering + Application Control together, make sure there isn't an Application Control rule blocking the site's CDN, cloud storage, or payment platform. In some NGAF deployments, the URL is allowed but supporting web applications are still blocked by Application Control policies.

I Can Help:

Change

Moderator on This Board

1
156
3

Started Topics

Followers

Follow

1057
217
100

Started Topics

Followers

Follow

Board Leaders