What are the requirements for the URL category classification feature?


Article ID: 167171


Updated On:




The URL categorization feature has the following deployment requirements:

  • The PacketShaper must have Internet access to connect to the WebPulse service.
  • A DNS server must be configured on the PacketShaper.
  • The PacketShaper hardware must have a valid support contract, although there is a 30-day grace period.
  • If you want to secure access to the outside interface, do not use the secure option because the URL category feature requires access to a number of outside servers. Instead, use the list security option and add the IP addresses of the following servers to the exception list:

¦ WebPulse service points (Use the setup urlcategory show service CLI command to see the IP addresses of the servers; add the one or two fastest servers.)

¦ category map update server (sitereview.bluecoat.com)

¦ support update server (updates.bluecoat.com)

¦ heartbeat server (hb.bluecoat.com)

Note: To find the IP address associated with each of these servers, use the nslookup command (such as the dns lookup CLI command).

The URL categorization feature has the following limitations:

  • Because the PacketShaper gives higher priority to flow delivery than to classification, it will never hold up flows to wait for a response from WebPulse. Therefore, the first few packets of a flow may get classified into a web or default class until WebPulse sends the URL category to the PacketShaper.
  • Packet processing takes precedence over URL categorization. If the PacketShaper is under load, category requests may get queued, and some requests may be dropped.
  • Behavior for asymmetrically applied redirect policies is non-deterministic for URL category-based classes since URL categorization is done out of path. Therefore, when applying never-admit policies with the redirect option, be sure to apply the policy to the category classes in both directions (Inbound and Outbound).