Troubleshooting Policies and Categories
Learn effective strategies for identifying and resolving issues with Troubleshooting Policies in this comprehensive guide.
Table of Contents
Resolving Conflicts Between Policies
Conflicts may arise when managing DNS filtering policies when multiple policies contain the same domain with different rules (e.g., one policy blocks a domain while another allows it). This article provides guidelines on how to resolve such conflicts effectively.
Understanding Policy Priorities
Policies consist of various categories that establish rules for DNS filtering. Each category can be assigned a priority level, which dictates which rules are applied. The highest-priority rule is used, ensuring it takes precedence over rules with the same domain name in lower-priority rules.

By setting the appropriate priority levels and utilizing domain overrides, you can effectively resolve conflicts between policies and enforce the most important rules. Regular testing and validation are crucial to maintaining the integrity of your DNS filtering setup.
Steps to Resolve Policy Conflicts
Identify Conflicting Policies:
- Review the policies to identify domains that have conflicting rules. Check if the same domain appears in multiple categories with different actions (allow, block, etc.).
Set Priorities:
- Assign priority levels to each category within the policies. Higher priority categories should contain the most critical rules that need to be enforced first.
Apply Rules Based on Priority:
- When a domain appears in multiple categories, the rule with the highest priority in the category is applied. For example, a domain will be allowed if a lower-priority category blocks it and a higher-priority category allows it.
Use Domain Overrides:
- Use domain overrides for specific scenarios where certain domains need to bypass the general policy. This allows you to set rules for individual domains without affecting the overall policy.
Test and Validate:
- After configuring the priorities and overrides, test the policies to ensure they work as intended. Verify that the correct rules are applied according to the priority levels.
Examples and Troubleshooting
Example of Conflicting Rules
Scenario: A domain is blocked in one policy but allowed in another. Look at the following rules:
- Policy A (Priority 10): Blocks
google.com
- Policy B (Priority 20): Allows
www.google.com
Results: In this scenario, www.google.com
will be allowed because Policy B has a higher priority than Policy A
Solution: Check the priority levels of the categories containing the conflicting rules. Ensure that the higher priority category has the intended rule. For instance, if google.com
is blocked in a lower-priority category but allowed in a higher-priority category, the domain will be allowed, and you should determine whether the higher-ranked rule should be included in the policy.
Example of Subdomain Conflicts
Scenario: A subdomain is allowed in one policy, but the main domain is blocked in another.
Solution: Ensure that the subdomain rule has a higher priority than the main domain rule. For instance, if www.google.com
is allowed but google.com
is blocked, the rule for www.google.com
should have a higher priority to ensure access.
Example of Overlapping Categories
Scenario: Two categories contain overlapping domains with different rules.
Solution: Review the priority levels of the categories and adjust them to ensure the intended rule is applied. For example, if socialmedia.com
is blocked in one category and allowed in another, the category with the higher priority will determine the final rule.
Example of Wildcard Domain Conflicts
Scenario: A wildcard domain is blocked in one policy, but a specific domain within the wildcard is allowed in another.
Solution: Ensure that the particular domain rule has a higher priority than the wildcard domain rule. For example, if *.example.com
is blocked but specific.example.com
is allowed, the rule for specific.example.com
should have a higher priority.