topic Re: URL filtering based on source IP? in General Topics

URL filtering based on source IP?

drewdown — Fri, 27 Oct 2017 13:27:25 GMT

Is this possible? I assume it is but not sure how to allow it while applying all the other policies I already have in place across the board.

Re: URL filtering based on source IP?

BPry — Fri, 27 Oct 2017 17:56:46 GMT

This should be relatively easy to do, as you would just create an additional policy specifically for that source with it's own custom URL Fitlering profile. What exactly are you trying to accomplish, and where are you running into issues if you've tried it already?

Re: URL filtering based on source IP?

drewdown — Fri, 27 Oct 2017 18:23:35 GMT

I guess what I was wondering is if I just made a policy for source network > any > any and applied that very specific URL filter would it stop processing the policies after that one for hosts within that specific source network?

Re: URL filtering based on source IP?

BPry — Fri, 27 Oct 2017 18:28:45 GMT

PA analyses security policies from top to bottom until it finds one that matches that session, once it finds a matching security policy that is the one it's going to utilize.

Not knowing how secure you are trying to make things or anything like that, I would say lock it down to whatever it is you want it to stop. If you create a URL filtering profile that includes a custom category such as 'Streaming Media' that you've created so that Netflix, Hulu, Sling and the like are all blocked at a URL level with a block action; it's likely that you don't really care what application or what service the traffic is using, you simply want to block all traffic. In that situation you'd probably be fine leaving application and service as 'any', as there really wouldn't be any other reason to communicate with those URLs.

Re: URL filtering based on source IP?

drewdown — Fri, 27 Oct 2017 18:32:50 GMT

In this case I want to allow users on a certain subnet to access already blocked websites (IE no filtering whatsoever), so I assume this poicy would need to be at the top of the list? IE before all the policies that enforce URL filtering?

Re: URL filtering based on source IP?

BPry — Fri, 27 Oct 2017 18:35:18 GMT

@drewdown,

The policy would need to be placed before the rule that doesn't allow the user to access these websites. You can find this information by looking at the logs on the firewall, once you've verified what rule is actually blocking the traffic simply place the new rule above that one.

If you constantly find yourself putting things at the top of your security policies you're going to run into a situation where you'll start breaking things; it's best to identify the correct place for the policy and question and put the policy exactly where it needs to be at the beginning.