https://live.paloaltonetworks.com/t5/general-topics/url-category-of-security-policy-with-destination-quot-any-quot/m-p/477888#M103707 <P>Dear Berger69</P><P>&nbsp;</P><P>I further checked the log there are traffic are 2 type of traffic.</P><P>-&nbsp; the traffic log detail's category show "any"</P><P>-&nbsp; the traffic log detail's category show match my custom category</P><P>&nbsp;</P><P>According to this, the second one is the traffic what I want.</P><P>For the first type, may I know how PA handle it? since the traffic log mention it is allowed but it doesn't match the category. So it is dropped or pass to another rule to handle?&nbsp;</P><P>&nbsp;</P><P>Thanks</P> Mon, 04 Apr 2022 09:14:32 GMT PChow4 2022-04-04T09:14:32Z https://live.paloaltonetworks.com/t5/general-topics/url-category-of-security-policy-with-destination-quot-any-quot/m-p/477425#M103673 <P>Dear All,</P><P>&nbsp;</P><P>I created a security policy as below. However, I find all traffic will go through this policy. Do you have any idea? Thanks</P><P>&nbsp;</P><P>Source: Any</P><P>Destination: Any</P><P>Service: 443, 80 and specific port</P><P>URL Category: Custom (*.s3.amazonaws.com)</P><P>&nbsp;</P><P>Peter</P> Fri, 01 Apr 2022 03:19:40 GMT https://live.paloaltonetworks.com/t5/general-topics/url-category-of-security-policy-with-destination-quot-any-quot/m-p/477425#M103673 PChow4 2022-04-01T03:19:40Z https://live.paloaltonetworks.com/t5/general-topics/url-category-of-security-policy-with-destination-quot-any-quot/m-p/477480#M103676 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/188043">@PChow4</a>&nbsp;,</P><P>&nbsp;</P><P>Yes, with the type of policy you have written, you will see that it is showing allowed traffic logs for rest traffic also. But actually those session would only TCP and/or SSL sessions created with the destination. Once URL category is matched, the final decision will be made if traffic needs to be allow or drop. I would recommend you to verify complete traffic logs by opening it and you will see what's actually getting allowed.</P> Fri, 01 Apr 2022 05:38:13 GMT https://live.paloaltonetworks.com/t5/general-topics/url-category-of-security-policy-with-destination-quot-any-quot/m-p/477480#M103676 SutareMayur 2022-04-01T05:38:13Z https://live.paloaltonetworks.com/t5/general-topics/url-category-of-security-policy-with-destination-quot-any-quot/m-p/477484#M103678 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/132521">@SutareMayur</a>&nbsp;</P><P>&nbsp;</P><P>Thanks for your reply. I open it and find the log type is end and allowed.</P> Fri, 01 Apr 2022 06:30:40 GMT https://live.paloaltonetworks.com/t5/general-topics/url-category-of-security-policy-with-destination-quot-any-quot/m-p/477484#M103678 PChow4 2022-04-01T06:30:40Z https://live.paloaltonetworks.com/t5/general-topics/url-category-of-security-policy-with-destination-quot-any-quot/m-p/477492#M103679 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/188043">@PChow4</a>&nbsp;,</P><P>&nbsp;</P><P>You can verify the detailed log view of desired URL category matching traffic vs rest then you will get clarity. But again, answer to your question in one short line - the unwanted traffic matching your rule are for TCP/SSL session created with the destination. At the end, traffic will be allowed based on the matched URL.</P><P>&nbsp;</P><P><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000POF8CAO" target="_self">Ref. article</A></P><P>&nbsp;</P><P>Hope it helps!</P> Fri, 01 Apr 2022 06:49:49 GMT https://live.paloaltonetworks.com/t5/general-topics/url-category-of-security-policy-with-destination-quot-any-quot/m-p/477492#M103679 SutareMayur 2022-04-01T06:49:49Z https://live.paloaltonetworks.com/t5/general-topics/url-category-of-security-policy-with-destination-quot-any-quot/m-p/477888#M103707 <P>Dear Berger69</P><P>&nbsp;</P><P>I further checked the log there are traffic are 2 type of traffic.</P><P>-&nbsp; the traffic log detail's category show "any"</P><P>-&nbsp; the traffic log detail's category show match my custom category</P><P>&nbsp;</P><P>According to this, the second one is the traffic what I want.</P><P>For the first type, may I know how PA handle it? since the traffic log mention it is allowed but it doesn't match the category. So it is dropped or pass to another rule to handle?&nbsp;</P><P>&nbsp;</P><P>Thanks</P> Mon, 04 Apr 2022 09:14:32 GMT https://live.paloaltonetworks.com/t5/general-topics/url-category-of-security-policy-with-destination-quot-any-quot/m-p/477888#M103707 PChow4 2022-04-04T09:14:32Z