OK it sounds like the logging is being forwarded correctly, can you check that you are actually pushing traffic into the Application Classification engine and the Web Filtering engine in the policy rules. - in each rule that is allowing traffic make sure you have a "Application Control" Policy and a "Web Filter" Policy attached (even if it is "Allow All") - also check you have an active "Web Protection" subscription - you can check the local logging under "System > Diagnostics > Log Viewer" and then "Web Filter" or "Application Filter" to see what is being generated locally - if the subscription is active and the applications are not being identified from the console check the status of the application classification engine from the console system application_classification show if the result is "off" run system application_classification on
↧