https://live.paloaltonetworks.com/t5/general-topics/licenses-for-url-filtering/m-p/252280#M71724 <P>sorry, I may not have made myself clear. What I meant is URL's as in, paloalto.com, microsoft.com etc.</P><P>and all of those on port 443 only.</P> Tue, 05 Mar 2019 08:09:53 GMT nson2139 2019-03-05T08:09:53Z https://live.paloaltonetworks.com/t5/general-topics/licenses-for-url-filtering/m-p/252171#M71693 <P>Folks,</P><P>Our requriement is to allow specific URL's on SSL for outbound communication. Is there a need to purchase a URL filtering license for this requirement?</P><P>&nbsp;</P><P>Regards,</P><P>N!!!</P> Mon, 04 Mar 2019 17:00:02 GMT https://live.paloaltonetworks.com/t5/general-topics/licenses-for-url-filtering/m-p/252171#M71693 nson2139 2019-03-04T17:00:02Z https://live.paloaltonetworks.com/t5/general-topics/licenses-for-url-filtering/m-p/252179#M71694 <P>If you're ok with "blocking all" and allowing a "whitelist" you do not need licensing.</P><P>&nbsp;</P><P>You will not have an actual "URL" log though.&nbsp; In your case I don't think it matters since it's SSL couple with a whitelist allow.</P><P>&nbsp;</P><P>&nbsp;</P><P>To accomplish this you'd create a custom URL Category object place your desired whitelist domains there.&nbsp; Add this custom object to a security policy placing it in the "Service/URL Category" tab / URL category field.&nbsp; With a security rule below that denies traffic below you'll get what you want.</P> Mon, 04 Mar 2019 17:20:00 GMT https://live.paloaltonetworks.com/t5/general-topics/licenses-for-url-filtering/m-p/252179#M71694 Brandon_Wertz 2019-03-04T17:20:00Z https://live.paloaltonetworks.com/t5/general-topics/licenses-for-url-filtering/m-p/252181#M71696 <P>Hello,</P><P>Is this inbound traffic or outbound traffic? For inbound traffic, dont use URL filtering as its your site and why filter it? As for outbound filtering, you can create a custom URL category and put those sites in it to allow outbound access. Also without a license, the PAN shouldnt be performing any URL filtering so not sure why its getting blocked, perhaps via the application (ie layer7)?</P><P>&nbsp;</P><P>Hope that helps.</P> Mon, 04 Mar 2019 17:19:04 GMT https://live.paloaltonetworks.com/t5/general-topics/licenses-for-url-filtering/m-p/252181#M71696 OtakarKlier 2019-03-04T17:19:04Z https://live.paloaltonetworks.com/t5/general-topics/licenses-for-url-filtering/m-p/252278#M71723 <P>This will be inound traffic, but we need to control some traffic on a VPN.</P> Tue, 05 Mar 2019 07:43:59 GMT https://live.paloaltonetworks.com/t5/general-topics/licenses-for-url-filtering/m-p/252278#M71723 nson2139 2019-03-05T07:43:59Z https://live.paloaltonetworks.com/t5/general-topics/licenses-for-url-filtering/m-p/252280#M71724 <P>sorry, I may not have made myself clear. What I meant is URL's as in, paloalto.com, microsoft.com etc.</P><P>and all of those on port 443 only.</P> Tue, 05 Mar 2019 08:09:53 GMT https://live.paloaltonetworks.com/t5/general-topics/licenses-for-url-filtering/m-p/252280#M71724 nson2139 2019-03-05T08:09:53Z https://live.paloaltonetworks.com/t5/general-topics/licenses-for-url-filtering/m-p/252349#M71739 <BLOCKQUOTE><HR /><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/81701">@nson2139</a>&nbsp;wrote:<BR /><P>sorry, I may not have made myself clear. What I meant is URL's as in, paloalto.com, microsoft.com etc.</P><P>and all of those on port 443 only.</P><HR /></BLOCKQUOTE><P>&nbsp;</P><P>&nbsp;</P><P>"If you're ok with "blocking all" and allowing a "whitelist" you do not need licensing.</P><P>&nbsp;</P><P>You will not have an actual "URL" log though.&nbsp; In your case I don't think it matters since it's SSL couple with a whitelist allow.</P><P>&nbsp;</P><P>&nbsp;</P><P>To accomplish this you'd create a custom URL Category object place your desired whitelist domains there.&nbsp; Add this custom object to a security policy placing it in the "Service/URL Category" tab / URL category field.&nbsp; With a security rule below that denies traffic below you'll get what you want."</P><P>&nbsp;</P><P>&nbsp;</P><P>Add these URLS "What I meant is URL's as in, paloalto.com, microsoft.com" to the custom object I described and it will work as you requested</P> Tue, 05 Mar 2019 17:02:15 GMT https://live.paloaltonetworks.com/t5/general-topics/licenses-for-url-filtering/m-p/252349#M71739 Brandon_Wertz 2019-03-05T17:02:15Z