I was wondering if there was a performance hit if you added url filtering (with application-services utm-policy) to a Trust to Untrust rule that allowed any protocol? Or should you confine URL filtering to policies that specifically reference the http port?
