How to Globally Block a URL without a URL Filtering Policy

How to Globally Block a URL without a URL Filtering Policy

46969
Created On 09/25/18 17:46 PM - Last Modified 06/09/23 03:13 AM


Resolution


Issue

When wanting to block a list of URL's globally as one of the first rules, an admin cannot or may not want to use a URL Filtering profile because of the following reasons:

  • It prevents other URL filtering in the rest of the policy.
  • There is no way to use FQDN objects for domains like "*.google.com", as the wildcard is not allowed for a FQDN object.

 

Resolution

In order to block a list of URL's globally, create a custom URL category and add URL's to the category and then place that into a rule.

  1. Create a Custom URL Category by going to Objects > Custom Objects > URL Category.
    Click 'Add' on the bottom-left part of the screen, give it a Name and Description(optional), then 'Add' the URL's as needed.
    Note:  Please remember there is a difference between site.com and *.site.com
    url-cat1.png
  2. Add the Custom URL Category into a rule by using the "URL Category" section located in Service/URL Category tab when creating a new rule:
    url-cat2.png
    By blocking sites with the URL Category, this still allows other URL Filtering Profiles to be applied to later rules.

 

owner: jdelio
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClJKCA0&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language