Creating the APCL/URLF layer and rules
If we were to create a rule containing internal networks as sources, ExternalZone as a destination, and Accept as an action, we would be free to roam the internet from any internal host subjected to NAT.
Since it would be an exceptionally bad idea without the appropriate access controls, let’s change the action to Inline Layer | New Layer. In Layer Editor [1], name it APCL_URLF_Layer
[2], and check the Applications & URL Filtering box [3] in its properties. Also, check the box for Multiple policies and rules can use this layer [4]:
Figure 11.12 – Creating APCL_URLF_Layer for the lab
Choose the Advanced [1] section on the left-hand side, and change the Implicit Cleanup Action option to Drop [2]. Check the box for Detect users located behind http proxy with X-Forward-For [3], and click on OK [4]:
Figure 11.13 – The advanced properties of APCL_URLF_Layer
Now, let’...