Approved and blocked lists allow traffic to override the defined URL filtering, web reputation, and advanced threat protection settings. Keep the following in mind when adding URLs or FQDN/IP addresses to a list:
Cloud Edge supports IPv6 if the Cloud Edge gateway is running in Bridge Mode or as a Software Switch deployment. For approved and blocked list entries used in Bridge Mode and Software Switch deployments, you can add both IPv4 and IPv6 addresses. Additionally, FQDNs and URL entries can resolve to either IPv4 or IPv6 addresses.
For approved and blocked list entries used in Routing Mode deployments, you can add IPv4 addresses and FQDNs and URL entries must resolve to IPv4 addresses.
An asterisk (*) denotes a wild card. Only the beginning or ending of a URL string accepts a wild card.
The approved list takes precedence over the blocked list.
If you deploy a Cloud Edge gateway with hardware switch chipset in Bridge Mode, only the High Security intranet security setting supports approved/blocked list matching for intranet traffic.
The Balanced and High Speed intranet security settings do not support approved/blocked list matching for intranet traffic.
All three intranet security settings support blocked/approved list matching on the external network.