https://live.paloaltonetworks.com/t5/next-generation-firewall/allowing-only-low-risk-of-a-url-category/m-p/551001#M1582 <P>Hello everyone,</P> <P>&nbsp;</P> <P>I have a requirement to adjust security policies in a way that only "white list" logic is enabled, and&nbsp; for one specific rule I have to allow only the <STRONG>low-risk</STRONG> category of given url category, for example <STRONG>training-and-tools</STRONG>, and not <STRONG>high-risk</STRONG> and <STRONG>medium-risk</STRONG>. However, the rule should not block the medium and high risk of&nbsp;training-and-tools eiher, as below there might be a policy for that allow the access. The problem is, if I write the policy and add URL categories of training and low-risk, it applies the "<STRONG>or</STRONG>" logic, which means that it will allow the high-and medium risks of training, and all the other categories matched as low-risk as well (tried in practice, works as described). And if I use URL Filtering profile and define high-risk and medium-risk action as block, it will block the category, which achieves the goal of allowing only low-risk of the website, <STRONG>but</STRONG> ignores the requirement just whitelisting, meaning if I have a policy below that allows access to that specific website, I will not hit that policy as I am being blocked from the above. What are the recommended solutions for this kind of issue? How do you usually deal with that? Any hint is appreciated, cause I am sure there should be a way that this works but I can't see it.<BR /><BR /></P> <P>&nbsp;</P> Wed, 26 Jul 2023 06:17:46 GMT Shams.G 2023-07-26T06:17:46Z https://live.paloaltonetworks.com/t5/next-generation-firewall/allowing-only-low-risk-of-a-url-category/m-p/551001#M1582 <P>Hello everyone,</P> <P>&nbsp;</P> <P>I have a requirement to adjust security policies in a way that only "white list" logic is enabled, and&nbsp; for one specific rule I have to allow only the <STRONG>low-risk</STRONG> category of given url category, for example <STRONG>training-and-tools</STRONG>, and not <STRONG>high-risk</STRONG> and <STRONG>medium-risk</STRONG>. However, the rule should not block the medium and high risk of&nbsp;training-and-tools eiher, as below there might be a policy for that allow the access. The problem is, if I write the policy and add URL categories of training and low-risk, it applies the "<STRONG>or</STRONG>" logic, which means that it will allow the high-and medium risks of training, and all the other categories matched as low-risk as well (tried in practice, works as described). And if I use URL Filtering profile and define high-risk and medium-risk action as block, it will block the category, which achieves the goal of allowing only low-risk of the website, <STRONG>but</STRONG> ignores the requirement just whitelisting, meaning if I have a policy below that allows access to that specific website, I will not hit that policy as I am being blocked from the above. What are the recommended solutions for this kind of issue? How do you usually deal with that? Any hint is appreciated, cause I am sure there should be a way that this works but I can't see it.<BR /><BR /></P> <P>&nbsp;</P> Wed, 26 Jul 2023 06:17:46 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/allowing-only-low-risk-of-a-url-category/m-p/551001#M1582 Shams.G 2023-07-26T06:17:46Z https://live.paloaltonetworks.com/t5/next-generation-firewall/allowing-only-low-risk-of-a-url-category/m-p/551096#M1584 <P>Hello Shams.G,</P> <P>&nbsp;</P> <P>I invite you to check the <A href="https://live.paloaltonetworks.com/t5/pancast/pancast-episode-3-url-filtering-allowing-and-blocking-the-right/ta-p/518607" target="_self">PANCast Episode 3</A>, you will get some element of response in it.</P> <P>&nbsp;</P> <P>Hope that helps.</P> <P>Olivier</P> Wed, 26 Jul 2023 14:22:25 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/allowing-only-low-risk-of-a-url-category/m-p/551096#M1584 ozheng 2023-07-26T14:22:25Z https://live.paloaltonetworks.com/t5/next-generation-firewall/allowing-only-low-risk-of-a-url-category/m-p/551270#M1587 <P>Dear&nbsp;<A id="link_17" class="lia-link-navigation lia-page-link lia-user-name-link" href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/109098" target="_self" aria-label="View Profile of ozheng"><SPAN class="">Ozheng</SPAN></A>,</P> <P>&nbsp;</P> <P>thanks for yor reply and the article, however that is not what I was looking for. In practice I have set up and worked with both URL Filtering profiles and URL categories, but here I need to have not "or" but "and" logic, <STRONG>to allow only low-risk of training category.</STRONG> Do you have any specific advice on how can I achieve that?</P> <P>&nbsp;</P> Thu, 27 Jul 2023 06:42:14 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/allowing-only-low-risk-of-a-url-category/m-p/551270#M1587 Shams.G 2023-07-27T06:42:14Z https://live.paloaltonetworks.com/t5/next-generation-firewall/allowing-only-low-risk-of-a-url-category/m-p/551402#M1596 <P>From PANCast Episode 3 - Transcript.</P> <P>”<SPAN>When you add either a pre-defined or custom URL category to the </SPAN><STRONG>Service/URL category</STRONG><SPAN> in the security policy, this is the same as adding a source IP or a service port. This is used for traffic to match that security policy. So, the same as a source IP, if the traffic does not match the URL you have specified it just continues down the security policy to find a match. The key here is the URL the client is requesting is not logged if the traffic does not even match that policy.&nbsp;</SPAN>”</P> <P>&nbsp;</P> <P>You put one category in match condition, you put the second category in a URL profile, you got your AND.</P> <P>&nbsp;</P> <P><SPAN>Olivier</SPAN></P> Thu, 27 Jul 2023 16:21:57 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/allowing-only-low-risk-of-a-url-category/m-p/551402#M1596 ozheng 2023-07-27T16:21:57Z