Many "not-resolved" category in URL Filtering log when using "URL Category" column in Security rules

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Many "not-resolved" category in URL Filtering log when using "URL Category" column in Security rules

L4 Transporter

Hi, all,

First, my customer doesn't buy "URL Filtering" license.

I use the "Custom URL Category" in the "URL Category" column at Security rules, as the attachement named "security-rules.png".

https://live.paloaltonetworks.com/servlet/JiveServlet/download/2-5074/security-rules.png

But, I see many category named "not-resolved" in URL Filtering log, as the attachement named "url-filtering.png"

https://live.paloaltonetworks.com/servlet/JiveServlet/download/2-5108/url-filtering.PNG

I check these "not-resolved" URL Filtering logs' detail, all of them doesn't record the rule name that they was matched, but all of them's detail have a threat log in the "Related Logs", as the attachement named "url-filtering_detail.png".

https://live.paloaltonetworks.com/servlet/JiveServlet/download/2-5073/url-filtering_detail.PNG

But, I don't find the related log in Threat log.

My questions are :

- Why does the "not-resolved" URL Filtering logs be generated ?

- Is it my configuration's issue ? or other reason cause it ?

- How to resolve this issue ? or debug this issue ? Do I need open a case to ask for help ?

Please help me,

Thanks,

Sample Wu

6 REPLIES 6

L5 Sessionator

Firewall is unable to resolve these categories.

Can you verify if the URLs termed as not-resolved have been defined in the Custom categories.

With URL-filtering license firewall would contact Cloud (BC /PAN_DB) to resolve the categoty.

Since the firewall does not have URL-filterfing license ,Custom category must have all the URLs in question defined ,explicitly.

Try using wildcards (*) in custom category to include all the sub-domains for these not-resolved categories.

-Ameya

Hi, akawimandan,

The URLs termed as not-resolved haven't been defined in any Custom Category, but in normal, these URLs should not be blocked, right ?

In the URL-Filtering logs, these not-resolved logs are blocked, why ? and how to configure to avoid them not be blocked ?

Thanks,

Sample Wu

Navigate to the URL-filtering security profile being used in the security-rule  and change the action for the category 'not-resolved' to allow.

Capture.PNG

-Ameya

Hi, Ameya,

But in my case, I never use the URL-Filtering security profile in any security rule, I just custom a Custom URL Category and put it in the "Services/URL Categories" column in security rule.

So you mean, I need to create a URL-Filtering security profile and configure it as you said, then put it to the URL-Filtering security profile in all security rules, right ?

Thanks,

Sample Wu

Security rules in the snap-shot 'security-rules.png' show profile-groups being used which led to this assumption .

Try allowing the category 'not-resolved' in the security-rule.

Capture1.PNG

-Ameya

Hi, Ameya,

Thanks for your suggestion, but I might be not configure as you said easily in my customer's environment and policy.

I'll open a case to ask for advanced help.

Thanks again,

Sample Wu

  • 7260 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!