Why should I use FQDNs instead of IP addresses in custom URL categories?

Users typically enter user-friendly domain names rather than IP addresses in browsers, so FQDN-based policies ensure destinations are correctly blocked or allowed based on URL filtering rules. IP-based blocking should be implemented in Cloud Firewall policy instead.

What is the retain parent category option and why is it important?

The retain parent category option ensures URLs are evaluated against both their original category and any custom categories they belong to, making URL filtering policy easier to understand and troubleshoot when investigating unwanted behaviors.

URL Filtering Policy Best Practices in Zscaler

Name: URL Filtering Policy Best Practices in Zscaler
Uploaded: 2026-05-08T19:18:16-04:00
Duration: 5 min 47 s
Description: In this video, you will learn about: - What makes good URL Filtering policy - How to best build this policy - Advanced setting that should be configured for comprehensive URL filtering 0:00 Introduction 0:14 URL Filtering objectives and best practices ...

Zscaler

05/08/2026

0 (0%)

Report Like Favorite

TL;DR

URL filtering policy should address three objectives: protecting against security threats, limiting legal liability from inappropriate content, and reducing productivity loss from non-business sites
Build policy top-down starting with specific allow/block rules, then global security and legal blocks, followed by user/location-specific rules, and ending with category-based blocks
Enable suspicious new domains lookup to block newly registered and revived domains commonly used in phishing campaigns, and configure HTTP tunnel control settings to prevent traffic obfuscation
Use FQDNs instead of IP addresses in custom URL categories and enable retain parent category option to ensure proper policy evaluation and easier troubleshooting

Summary

This technical tutorial demonstrates how to build effective URL filtering policies within Zscaler's Zero Trust Exchange platform. The session covers three core objectives for URL filtering: protecting users and data from security threats like malware, limiting organizational liability by blocking inappropriate content such as pornography and hate speech, and reducing productivity loss from non-business websites. The presenter walks through a recommended policy structure that begins with the corporate acceptable use policy as a foundation, then implements a top-down rule hierarchy starting with specific allow/block rules, followed by global security and legal liability blocks, and concluding with category-based restrictions. Advanced configuration settings are explored, including suspicious new domain lookups, embedded site categorization, HTTP tunnel control, and domain fronting protections. The tutorial emphasizes using FQDNs rather than IP addresses in custom URL categories and enabling the retain parent category option to simplify policy troubleshooting and ensure URLs are evaluated against both original and custom categories.

Chapters

0:00 - Introduction
0:14 - URL Filtering Objectives
1:56 - Example Policy Structure
3:45 - Advanced Settings Configuration
5:43 - Conclusion

Key Quotes

0:45 "Zscaler recommends you begin building URL filtering policy by starting from your corporate acceptable use policy."
1:22 "Zscaler recommends blocking the legal liability, malicious, and suspicious categories entirely."
4:32 "This will allow you to create policy to block the Newly Registered and Observed Domains and Newly Revived Domains categories, which contain domains that are often used as part of phishing or malware distribution campaigns."

Categories:

Tags:

Show more Show less

Browse videos

Upcoming Webinar Calendar

05/12/2026

01:00 PM

05/12/2026

Transforming Black Box to Glass Box: Revealing Hidden Threats and AI Risks through Data Lineage

https://www.truthinit.com/index.php/channel/1895/transforming-black-box-to-glass-box-revealing-hidden-threats-and-ai-risks-through-data-lineage/
05/12/2026

11:30 PM

05/12/2026

Implementing Effective Strategies for Active Directory Security and Data Protection

https://www.truthinit.com/index.php/channel/1888/implementing-effective-strategies-for-active-directory-security-and-data-protection/
05/13/2026

01:00 AM

05/13/2026

Transforming the Black Box: Revealing AI Risks and Hidden Threats through Data Lineage

https://www.truthinit.com/index.php/channel/1890/transforming-the-black-box-revealing-ai-risks-and-hidden-threats-through-data-lineage/
05/13/2026

05:00 AM

05/13/2026

Transforming Black Box to Glass Box: Revealing AI Risks and Hidden Threats through Data Lineage

https://www.truthinit.com/index.php/channel/1894/transforming-black-box-to-glass-box-revealing-ai-risks-and-hidden-threats-through-data-lineage/
05/19/2026

01:00 PM

05/19/2026

Establishing a Robust AI Governance Framework for GenAI Throughout Its Lifecycle

https://www.truthinit.com/index.php/channel/1936/establishing-a-robust-ai-governance-framework-for-genai-throughout-its-lifecycle/
05/20/2026

10:00 PM

05/20/2026

APAC: Establishing an AI Governance Framework for GenAI Throughout the Deployment Process

https://www.truthinit.com/index.php/channel/1953/establishing-an-ai-governance-framework-for-genai-throughout-the-deployment-process/
05/21/2026

11:00 AM

05/21/2026

The Autonomous Era: Orchestrating a Resilient Enterprise

https://www.truthinit.com/index.php/channel/1372/the-autonomous-era-orchestrating-a-resilient-enterprise/
05/27/2026

04:00 AM

05/27/2026

Rivoluziona i rischi dell'AI in opportunità con Netskope AI Security

https://www.truthinit.com/index.php/channel/1925/rivoluziona-i-rischi-dellai-in-opportunità-con-netskope-ai-security/
05/28/2026

10:00 AM

05/28/2026

Harnessing AI: Transforming Perception into Purposeful Mastery

https://www.truthinit.com/index.php/channel/1924/harnessing-ai-transforming-perception-into-purposeful-mastery/
05/28/2026

01:00 PM

05/28/2026

AI in the Fast Lane: Effectively Managing AI Security for Small Teams

https://www.truthinit.com/index.php/channel/1951/ai-in-the-fast-lane-effectively-managing-ai-security-for-small-teams/
06/02/2026

01:00 PM

06/02/2026

Satori Spring: Insights from Recent Research on the 2026 Threat Landscape

https://www.truthinit.com/index.php/channel/1930/satori-spring-insights-from-recent-research-on-the-2026-threat-landscape/
06/04/2026

02:00 AM

06/04/2026

Mastering the Unseen: Managing Shadow AI and Agentic MCP Traffic

https://www.truthinit.com/index.php/channel/1948/mastering-the-unseen-managing-shadow-ai-and-agentic-mcp-traffic/
06/16/2026

07:00 AM

06/16/2026

Transforming Data Risk into Actionable Priorities: What to Address First

https://www.truthinit.com/index.php/channel/1952/transforming-data-risk-into-actionable-priorities-what-to-address-first/