Multiple filter actions with web filtering, whitelisting

Question

Okay, I really need some help on this. I've got to be missing something... because I can't figure out Web Filtering to save my life right now. 
 I'm running UTM 9.5x, and still struggling to get Web Filtering set up how I'd like it. This is all set up in transparent mode. 
 For my current setup, I have a /24 network with several servers on it, let's call it the "Server" network. The Default Web Filter Profile is set up to allowed networks on a network that has 0 hosts on it, and in an "allow all" configuration (I'm not entirely sure that is even correct, but changing it around seems like a daunting task). 
 Under the second tab on the left, Web Filter Profiles - I have the following profile (among others). 
 
 As you can see, there are three "filter actions". The middle enabled filter action is to allow Firefox to update. See next image, with the settings. 
 
 I have to use the category blocking, otherwise everything ends up being allowed, since it seems like the process stops checking rules after a successful pass. Which would make sense... but I'm obviously missing some type of methodology here. How can I have separate policies or filter actions apply to the same network/computer? Do I have to customize and cram every website I want to allow/block into one "deny except" filter action, and I can't make a generic "allow firefox" and apply it to the networks I want? Obviously after this "firefox allow" rule processes, the rest of the filter actions or policies won't take affect. 
 
 I'm so confused, please help.

apijnappels · Accepted Answer

Not sure what you want exactly and if this is a home or business install, but there's a good chance that just one profile (the default one) would be enough (unless you want something different for your server network than for you workstation network, then you might need 2 profiles). 
 In any given moment for any given host only one profile will work (you figured that out correctly). 
 You might need to add a filtering exception for your Firefox updates under Filtering Options -> Exceptions, however I don't use FF myself so I can't give you the right advice on that, but these exceptions work globally. 
 Also if you need to "override" a given website because it's either categorized incorrectly or you would allow/disallow it despite being categorized correctly, you can recategorize these in Filtering Options -> Websites. Just give the chosen website a category that is (or isn't) blocked depending on your needs. 
 Knowing this all, you can configure your profile with the base setting you would like to have (block/allow categories the way you would like them to behave). 
 Also in setting up you can have a little help from Policy Helpdesk, this will give you information on which profile is used depending on the website opened at the time selected by the user selected. 
 However if you don't really get web filtering right now I suggest you try to first set it up without users/time because this would be the easiest to understand and would require the least profiles. Then later on you can add profiles based on users and or time and put those BEFORE the base profile (otherwise they will never be evaluated). 
 If you have more specific questions, then please ask them as specified as possible so we can give better help.