https://live.paloaltonetworks.com/t5/general-topics/url-filtering-different-with-browser-and-application/m-p/239041#M68465 <P>Hi</P><P>&nbsp;</P><P>We have a server, from where the user wants to go to, for example, abc.xyz.com.</P><P>The certificate from the website xyz.com has a CN *.xyz.com.</P><P>&nbsp;</P><P>We dont have decryption for URL Filtering. In the URL Filtering category, we have allowed&nbsp;<SPAN>abc.xyz.com.</SPAN></P><P><SPAN>The user on the server wants to use an application which initiates a connection to&nbsp;abc.xyz.com.</SPAN></P><P>Now,</P><P>When the user opens a browser and goes to&nbsp;<SPAN>abc.xyz.com, then the connection is allowed as the firewall sees the URL as&nbsp;abc.xyz.com.&nbsp;</SPAN></P><P><SPAN>When the user uses his application, the the firewall sees the request to *.xyz.com and blocks it.&nbsp;</SPAN></P><P><SPAN>If we allow *.xyz.com then the application works.</SPAN></P><P>&nbsp;</P><P><SPAN>Anyone have same experience? Any workaround without decryption?</SPAN></P><P>&nbsp;</P><P><SPAN>BR,</SPAN></P><P><SPAN>RJ</SPAN></P> Thu, 08 Nov 2018 09:51:15 GMT rjdahav163 2018-11-08T09:51:15Z https://live.paloaltonetworks.com/t5/general-topics/url-filtering-different-with-browser-and-application/m-p/239041#M68465 <P>Hi</P><P>&nbsp;</P><P>We have a server, from where the user wants to go to, for example, abc.xyz.com.</P><P>The certificate from the website xyz.com has a CN *.xyz.com.</P><P>&nbsp;</P><P>We dont have decryption for URL Filtering. In the URL Filtering category, we have allowed&nbsp;<SPAN>abc.xyz.com.</SPAN></P><P><SPAN>The user on the server wants to use an application which initiates a connection to&nbsp;abc.xyz.com.</SPAN></P><P>Now,</P><P>When the user opens a browser and goes to&nbsp;<SPAN>abc.xyz.com, then the connection is allowed as the firewall sees the URL as&nbsp;abc.xyz.com.&nbsp;</SPAN></P><P><SPAN>When the user uses his application, the the firewall sees the request to *.xyz.com and blocks it.&nbsp;</SPAN></P><P><SPAN>If we allow *.xyz.com then the application works.</SPAN></P><P>&nbsp;</P><P><SPAN>Anyone have same experience? Any workaround without decryption?</SPAN></P><P>&nbsp;</P><P><SPAN>BR,</SPAN></P><P><SPAN>RJ</SPAN></P> Thu, 08 Nov 2018 09:51:15 GMT https://live.paloaltonetworks.com/t5/general-topics/url-filtering-different-with-browser-and-application/m-p/239041#M68465 rjdahav163 2018-11-08T09:51:15Z https://live.paloaltonetworks.com/t5/general-topics/url-filtering-different-with-browser-and-application/m-p/239070#M68473 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/44973">@rjdahav163</a>,</P><P>You need to do a wireshark or fiddler capture and see what URLs are actually being called by the application that the user is attempting to use. Fiddler is probably the best solution. IF you can't access the users machine directly for whatever reason create a specific policy for the user and assign a URL profile that has the action of Alert for all categories so that every visited URL will be logged by the firewall.&nbsp;</P><P>If you look at those logs I'm sure you'll fine additional URLs that you aren't allowing in your URL Filtering profile.&nbsp;</P> Thu, 08 Nov 2018 14:37:20 GMT https://live.paloaltonetworks.com/t5/general-topics/url-filtering-different-with-browser-and-application/m-p/239070#M68473 BPry 2018-11-08T14:37:20Z https://live.paloaltonetworks.com/t5/general-topics/url-filtering-different-with-browser-and-application/m-p/239694#M68666 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/43480">@BPry</a></P><P>&nbsp;</P><P>I tried your solution with the Profile and Alert as action. In the logs we see the URL as&nbsp; --&gt;&nbsp; &nbsp; *.xyz.com/&nbsp;&nbsp;</P><P>&nbsp;</P><P>Dont know from where the / is coming? Really confused.</P><P>&nbsp;</P><P>BR,</P><P>RJ</P> Tue, 13 Nov 2018 14:06:20 GMT https://live.paloaltonetworks.com/t5/general-topics/url-filtering-different-with-browser-and-application/m-p/239694#M68666 rjdahav163 2018-11-13T14:06:20Z https://live.paloaltonetworks.com/t5/general-topics/url-filtering-different-with-browser-and-application/m-p/239695#M68667 <P><SPAN>*.xyz.com comes probably from name on the certificate.</SPAN></P><P><SPAN>As you are not decrypting traffic then Palo can't see what comes after&nbsp;*.xyz.com/ and URL is logged with / at the end.</SPAN></P><P><SPAN>You are good if you whitelist&nbsp;*.xyz.com</SPAN></P><P>&nbsp;</P> Tue, 13 Nov 2018 14:23:25 GMT https://live.paloaltonetworks.com/t5/general-topics/url-filtering-different-with-browser-and-application/m-p/239695#M68667 Raido_Rattameister 2018-11-13T14:23:25Z