Blocked category override?

I’m playing with blocked categories in gateway and would like to know how I can override a site being blocked.

I’ve tried the following (just for testing - I don’t actually care about blocking gambling specifically, that’s just a relatively safe category to play around with on a work device):

Firewall Policy … DNS policy…

Content Categories in Gambling
Domain not in list “Test”


That works reasonably well, it blocks all gambling sites, but if I add a domain into the list “Test” it stays blocked.

I’ve also tried creating a completely different allow rule and prioritising it over the block rule with just one domain specified, that also doesn’t override the content category block list.

How to do this please?


If I need to allow some specific domain, which is in a category which is in a policy “block”, I make sure the policy “allow” is above the “block” one.

In “AD dopusti” I allow domains which are usually blocked by other defined policies, either manually or via content categories.

Furthermore, recently I have had a case where domain was blocked by the “AD security” policy with the specific content categories selected on purpose.

Later, once needed (still deactivated) is “” plicy which have had action “allow” and is listed above the “AD seucrity” which is with the action “block” as expected to “override” or is being checked first as the “order & priority of precedence” rule.


Helpful article:

1 Like

Thanks for the reply.

I don’t know if this makes a difference, but I’m currently playing with the free tier (almost certainly with a plan to move onto the ‘Pay-as-you-go’ tier if we can make this work how we want it to work).

I have the same setup as you. I’ve simplified this right down to test…

Priority 1: Domain is 888 . com - Allow

Priority 2: Content Categories in Gambling - Block

Reload the URL in a dedicated VM and I get a block page. :man_shrugging:

A bit strange, yes :thinking: redirects to has a TTL 86400 seconds and is a CNAME to has a TTL of 60 seconds. is classified under the following categories Gambling, CIPA Filter.

If you check your logs you will see that you aren’t being blocked for, you’re being blocked based on DNS lookup results for


Thank you very much for this. :+1:

1 Like

No worries, the first time I encountered this scenario I spent an hour trying to debug and was convinced I was having a stroke.


This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.