topic Re: URL Filtering Implementation Best Practice in Advanced Threat Prevention Discussions

URL Filtering Implementation Best Practice

garciar — Fri, 19 Jan 2018 19:48:49 GMT

Hell everyone,

I have a vendor that is going to work on deploying the URL Filtering service in our Pan3020 but I wanted to undersandt/learn what the best approach is in order for to come up with an outcome that is manageable once they leave us. As of today, our security profiles such as Wildfire, Antivirus, etc. are applied to each rule. This deployment took a long time due to the amount of rules oure firewall has so the vendor has proposed to create just certain security policy rules for filtering instead of deploying the profile to each single rule.

I am sure that this could probably be done using the CLI and some sort of scrip but again, I would like to hear other's recommendations regarding this matter. In the future, I am positive that we are going to need to make changes so doing the right thing now will help us.

Thank you in advanced.

Re: URL Filtering Implementation Best Practice

bvandivier — Fri, 19 Jan 2018 20:34:28 GMT

I would start by reviewing this video and article that Joe put together. It is still relevant today.

https://live.paloaltonetworks.com/t5/Tutorials/How-to-Configure-URL-Filtering-Video/ta-p/59300

P.S. There are other articles including one covering advanced URL Filtering at the bottom of the above page.

Re: URL Filtering Implementation Best Practice

OtakarKlier — Fri, 19 Jan 2018 21:45:10 GMT

Hello,

Since URL filtering is heavily politically charged, what I usually do is give the exec board a list of all the categories and have them tell me what to block.

https://live.paloaltonetworks.com/t5/Management-Articles/Complete-List-of-PAN-DB-URL-Filtering-Categories/ta-p/129799

This keeps me out from the abuse the users tend to throw around.

Another thing you can do it enable it and allow all categories, then run reports to see what the users are doing and present that to the board.

Hope that helps.

Re: URL Filtering Implementation Best Practice

garciar — Tue, 23 Jan 2018 19:20:34 GMT

Thank you to all for your answers. I agree that URL filtering is a very political topic; however, I was hoping for right/wrong suggestions regarding the implementation such as, keep in mind this or this will happen, etc. For now, those videos and the URL description document are both very informative.

Re: URL Filtering Implementation Best Practice

OtakarKlier — Thu, 25 Jan 2018 23:41:44 GMT

Hello,

You may come across a few sites that are miscategorized, but you can submit them to be changed. Once thing you can try is to put in a policy that allows all categories (ugly I know) and then run reports on ones that are hit the most.

I would highly suggest you block the following at a minimum:

command-and-control

dynamic-dns

extermism

malware

phishing

proxy-avoidance-and-anonymizers

questionable

unknown

Start blocking these and go from there. One thing somone else posted a while back was to run a report on the executives browsing history and present that to the board :).

Good luck.