https://live.paloaltonetworks.com/t5/general-topics/rule-creation-query/m-p/498564#M105159 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/214068">@BNSRIKAR</a>&nbsp;,</P> <P>&nbsp;</P> <P>Thanks for reaching out! I have a few questions:</P> <P>&nbsp;</P> <P>Can you confirm URL Filtering is licensed by going to Devices -&gt; Licenses?</P> <P>Once licensed is verified, can you pull up your custom URL category and share a screenshot of what your settings are? If not able to, are the pre-defined categories within the profile set to site access -&gt; blocked? The only options set to allow should be the domains you specify.&nbsp;</P> <P>On your monitor logs, does the internet traffic hit the security policy you specified?&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P><LI-PRODUCT title="URL Filtering" id="URL_Filtering"></LI-PRODUCT>&nbsp;, <LI-PRODUCT title="NGFW" id="NGFW"></LI-PRODUCT>&nbsp;</P> Fri, 03 Jun 2022 00:01:19 GMT JayGolf 2022-06-03T00:01:19Z https://live.paloaltonetworks.com/t5/general-topics/rule-creation-query/m-p/498409#M105154 <P>Hi Team,</P><P>&nbsp;</P><P>We have created policy</P><P>&nbsp;</P><P>Source: Internal subnet</P><P>Destination: Any Application:Any service/url category:custom category.</P><P>Action allow.</P><P>&nbsp;</P><P>In custom URl category, we have added 2 domains. Our requirement is internal subnet user should access these 2 domains only.</P><P>However traffic is getting allowed for all other destination IP address. Why it is happening when i clearly mentioned the URL category that needs to be allowed.</P><P>&nbsp;</P><P>Thank you.</P><P>&nbsp;</P><P>However&nbsp; traffic is getting allowed&nbsp;</P> Thu, 02 Jun 2022 15:29:07 GMT https://live.paloaltonetworks.com/t5/general-topics/rule-creation-query/m-p/498409#M105154 BNSRIKAR 2022-06-02T15:29:07Z https://live.paloaltonetworks.com/t5/general-topics/rule-creation-query/m-p/498564#M105159 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/214068">@BNSRIKAR</a>&nbsp;,</P> <P>&nbsp;</P> <P>Thanks for reaching out! I have a few questions:</P> <P>&nbsp;</P> <P>Can you confirm URL Filtering is licensed by going to Devices -&gt; Licenses?</P> <P>Once licensed is verified, can you pull up your custom URL category and share a screenshot of what your settings are? If not able to, are the pre-defined categories within the profile set to site access -&gt; blocked? The only options set to allow should be the domains you specify.&nbsp;</P> <P>On your monitor logs, does the internet traffic hit the security policy you specified?&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P><LI-PRODUCT title="URL Filtering" id="URL_Filtering"></LI-PRODUCT>&nbsp;, <LI-PRODUCT title="NGFW" id="NGFW"></LI-PRODUCT>&nbsp;</P> Fri, 03 Jun 2022 00:01:19 GMT https://live.paloaltonetworks.com/t5/general-topics/rule-creation-query/m-p/498564#M105159 JayGolf 2022-06-03T00:01:19Z https://live.paloaltonetworks.com/t5/general-topics/rule-creation-query/m-p/498888#M105165 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/214068">@BNSRIKAR</a>,</P> <P>If you're just looking at the logs, the firewall needs to allow enough traffic to pass to actually identify the URL being requested. It would be expected to see other traffic getting allowed until the firewall can identify the URL and determine if it matches your policy.&nbsp;</P> <P>Can you verify that you've actually tested on one of these restricted users and actually had a page load successfully matching this policy?&nbsp;My assumption is that you are just going off of traffic logs here.&nbsp;</P> Fri, 03 Jun 2022 01:39:53 GMT https://live.paloaltonetworks.com/t5/general-topics/rule-creation-query/m-p/498888#M105165 BPry 2022-06-03T01:39:53Z