https://live.paloaltonetworks.com/t5/general-topics/url-filtering-bypass-for-level-1-2-support/m-p/63579#M38236 <P>Hello,</P><P>&nbsp;</P><P>you could create a scenario where specific group of GP users have URL filtering profile that only alerts without block or continue actions; upon a call to the tech support, your L1-L2 tech could enable/create a new account that would temporarily be available and given to users. Once they connect with GP, you route them through GP and apply different set of policies onto their traffic.</P><P>&nbsp;</P><P>Just a first solution from the top of my head, would this work for you?</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Luciano</P> Tue, 25 Aug 2015 08:02:37 GMT Lucky 2015-08-25T08:02:37Z https://live.paloaltonetworks.com/t5/general-topics/url-filtering-bypass-for-level-1-2-support/m-p/63402#M38161 <P>Good Afternoon</P><P>&nbsp;</P><P>I have a request to look into a way a Level 1 - 2 Support Person can easily bypass a blocked URL. &nbsp;Be it by policy, a custom button on the response page, captive portal, or a combination of whatever might be needed to do so. &nbsp;Has anyone set something like this up? &nbsp;Is it possible? &nbsp;And what would be the best practice or best method in doing so?</P><P>&nbsp;</P><P>General Scenario:</P><P>&nbsp;</P><P>A crticial meeting, conference, or whatever the pressing agenda would be has a user getting blocked by URL Filtering in an attempt to go to a Legitamate and Justified URL for the business need.</P><P>&nbsp;</P><P>The User then calls Support, and without having to involve others, the Level 1 or Level 2 support person fielding the call could initiate a remote session and go through a few clicks or enter a crendetial that will temporarily allow that users session to bypass URL Filtering for that particular session or site........</P><P>&nbsp;</P><P>I have a case opened but before I go further down that rabbit hole, I would like too see if anyone out there has done anything like this via policy, captive portal, redirect, custom button, or a combination of either to acheive this. &nbsp;If it is even possible.</P> Thu, 20 Aug 2015 17:29:38 GMT https://live.paloaltonetworks.com/t5/general-topics/url-filtering-bypass-for-level-1-2-support/m-p/63402#M38161 alanglois 2015-08-20T17:29:38Z https://live.paloaltonetworks.com/t5/general-topics/url-filtering-bypass-for-level-1-2-support/m-p/63435#M38168 <P>Do you have a realworld example of a site where this has occurred?</P><P>&nbsp;</P><P>You can use the "Overide" option in your URL profile for URL categories:</P><P>&nbsp;</P><TABLE cellspacing="0"><TBODY><TR><TD><DIV class="TH_TableHeading">URL Admin Override</DIV></TD><TD><DIV class="TB_TableBody">&nbsp;</DIV></TD></TR><TR><TD><DIV class="TSH_TableSubHeading">Settings for URL Admin Override</DIV></TD><TD><DIV class="TB_TableBody">Specify the settings that are used when a page is blocked by the URL filtering profile and the <SPAN>Override</SPAN> action is specified. See <A title="Security Profiles" target="_blank">“URL Filtering Profiles”</A>.</DIV><DIV class="TB_TableBody">Click <SPAN>Add</SPAN> and configure the following settings for each virtual system that you want to configure for URL admin override.</DIV><DIV class="TB1_TableBullet_outer"><TABLE border="0" cellspacing="0" cellpadding="0"><TBODY><TR><TD><DIV class="TB1_TableBullet_inner">•</DIV></TD><TD><DIV class="TB1_TableBullet_inner"><SPAN>Location</SPAN>—Select the virtual system from the drop-down list (multi-VSYS devices only).</DIV></TD></TR></TBODY></TABLE></DIV><DIV class="TB1_TableBullet_outer"><TABLE border="0" cellspacing="0" cellpadding="0"><TBODY><TR><TD><DIV class="TB1_TableBullet_inner">•</DIV></TD><TD><DIV class="TB1_TableBullet_inner"><SPAN>Password/Confirm Password</SPAN>—Enter the password that the user must enter to override the block page.</DIV></TD></TR></TBODY></TABLE></DIV></TD></TR></TBODY></TABLE><P>&nbsp;</P><P>&nbsp;</P><P>Following this your L1/L2 tech could provide the password temporarily allowing the user to access the site.</P> Thu, 20 Aug 2015 22:02:21 GMT https://live.paloaltonetworks.com/t5/general-topics/url-filtering-bypass-for-level-1-2-support/m-p/63435#M38168 Brandon_Wertz 2015-08-20T22:02:21Z https://live.paloaltonetworks.com/t5/general-topics/url-filtering-bypass-for-level-1-2-support/m-p/63532#M38217 <P><SPAN>I am going to accept this solution as is, it may not be exactly what they wanted or envisioned, but it should do the job. Thanks for the assist!</SPAN></P> Mon, 24 Aug 2015 13:48:38 GMT https://live.paloaltonetworks.com/t5/general-topics/url-filtering-bypass-for-level-1-2-support/m-p/63532#M38217 alanglois 2015-08-24T13:48:38Z https://live.paloaltonetworks.com/t5/general-topics/url-filtering-bypass-for-level-1-2-support/m-p/63579#M38236 <P>Hello,</P><P>&nbsp;</P><P>you could create a scenario where specific group of GP users have URL filtering profile that only alerts without block or continue actions; upon a call to the tech support, your L1-L2 tech could enable/create a new account that would temporarily be available and given to users. Once they connect with GP, you route them through GP and apply different set of policies onto their traffic.</P><P>&nbsp;</P><P>Just a first solution from the top of my head, would this work for you?</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Luciano</P> Tue, 25 Aug 2015 08:02:37 GMT https://live.paloaltonetworks.com/t5/general-topics/url-filtering-bypass-for-level-1-2-support/m-p/63579#M38236 Lucky 2015-08-25T08:02:37Z