Enabling Risk-based URL Filtering

Filter URLs in the Internet Threat Protection (ITP) policy settings in SonicWall Cloud Secure Edge (CSE)
Updated On: Jun 24, 2026

Risk-based URL Filtering Overview

Risk-based URL filtering allows admins to inspect host URLs (i.e., to determine threats associated with URLs and block or allow access accordingly). Admins enable Risk-based URL Filtering on an Internet Threat Protection (ITP) policy in the CSE Command Center.

URL exceptions and explicit URL blocks are no longer configured inside Risk-based URL Filtering. They are configured in the consolidated Domain & URL Bypass and Domain & URL Blocking fields on the ITP policy itself. See Manage Internet Threat Protection (ITP) Policies for the current flow. Existing URL Allowlist and Explicit URL Blocking entries were migrated automatically when the consolidated fields shipped.

Pre-requisites

  • mac or Windows device (not available for Linux or Chromebook)
  • SIA advanced license
  • ITP policy associated with your device
  • Desktop app version v3.26.0 or later
  • SSL decryption is turned on in the ITP policy's Assignment progression. Risk-based URL Filtering is unavailable when SSL decryption is off.

Steps to Configure Risk-based URL Filtering

Step 1: Navigate to URL Filtering in an ITP Policy

1.1 Navigate from Internet Access > Internet Threat Protection, and select an existing ITP policy.

1.2 Under the Filtering and Exceptions tab, navigate to URL Filtering.

Step 2: Enable Risk-based URL Filtering

2.1 Toggle on Risk-based URL Filtering.

Only those URLs which are not already explicitly blocked by Category, Domain, and Application Filtering or enabled Threat Protections will be inspected.

Step 3: Add bypasses or blocks for specific URLs

URL bypasses and URL blocks are configured on the parent ITP policy in the consolidated Domain & URL Bypass and Domain & URL Blocking fields, not inside Risk-based URL Filtering. SSL decryption must be on for URL entries to be enforced.

Bypasses are processed before any block rule, including Risk-based URL Filtering. See How ITP rules are processed for the full evaluation order.