https://live.paloaltonetworks.com/t5/general-topics/allow-web-browsing-but-not-for-users/m-p/281364#M75964 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/97832">@IpswichSchool</a>,</P><P>A custom URL category would be the way to go here, as&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/40484">@JulioMancia</a>&nbsp; mentioned. Just as a note however, if you utilize a custom URL category you do&nbsp;<STRONG>not</STRONG> need to be licensed to do so. That specific functionality can be utilized regardless of URL Filtering license status.&nbsp;</P><P>&nbsp;</P> Tue, 06 Aug 2019 17:08:53 GMT BPry 2019-08-06T17:08:53Z https://live.paloaltonetworks.com/t5/general-topics/allow-web-browsing-but-not-for-users/m-p/281268#M75940 <P>Hello everyone,</P><P>&nbsp;</P><P>First post so please be gentle. I need to have a security rule to allow the Bitdefender application on my servers. Part of the Bitdefender application requires explicit web-browsing. That is obviously easy enough to do. My problem is that I don't want users to then be able to browse the web from those servers but because I have enabled web-browsing as part of the Bitdefender rule, they can.&nbsp;</P><P>&nbsp;</P><P>Is there a way to stop this?</P><P>&nbsp;</P><P>Alex.</P> Tue, 06 Aug 2019 10:30:28 GMT https://live.paloaltonetworks.com/t5/general-topics/allow-web-browsing-but-not-for-users/m-p/281268#M75940 IpswichSchool 2019-08-06T10:30:28Z https://live.paloaltonetworks.com/t5/general-topics/allow-web-browsing-but-not-for-users/m-p/281338#M75953 <P>Do you have the URL license on your firewall? if you do you can create a custom URL category to only allow the required domains for updating with the AppID's.&nbsp; If you don't have the URL license, you still need the domains that need to be allowed.&nbsp; You could create a rule using fqdn address objects and AppID's, the only problem with this solution is that IP's are contantly changing.&nbsp; I think the default timer for fqdn refresh are 30min.</P> Tue, 06 Aug 2019 13:40:22 GMT https://live.paloaltonetworks.com/t5/general-topics/allow-web-browsing-but-not-for-users/m-p/281338#M75953 JulioMancia 2019-08-06T13:40:22Z https://live.paloaltonetworks.com/t5/general-topics/allow-web-browsing-but-not-for-users/m-p/281364#M75964 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/97832">@IpswichSchool</a>,</P><P>A custom URL category would be the way to go here, as&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/40484">@JulioMancia</a>&nbsp; mentioned. Just as a note however, if you utilize a custom URL category you do&nbsp;<STRONG>not</STRONG> need to be licensed to do so. That specific functionality can be utilized regardless of URL Filtering license status.&nbsp;</P><P>&nbsp;</P> Tue, 06 Aug 2019 17:08:53 GMT https://live.paloaltonetworks.com/t5/general-topics/allow-web-browsing-but-not-for-users/m-p/281364#M75964 BPry 2019-08-06T17:08:53Z https://live.paloaltonetworks.com/t5/general-topics/allow-web-browsing-but-not-for-users/m-p/439880#M99851 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/167045">@Kevin-OHare</a>,</P><P>Can you move your question into a new topic. The original question in this thread mentions bitdefender, but outside of that it has nothing to do with what you are asking.&nbsp;</P> Sun, 10 Oct 2021 02:45:23 GMT https://live.paloaltonetworks.com/t5/general-topics/allow-web-browsing-but-not-for-users/m-p/439880#M99851 BPry 2021-10-10T02:45:23Z