I'm trying to allow access to a single form on Google Docs while blocking access to all of Google Docs in general in PAN-OS 7.1.8. I'm aware that Google Docs is an encrypted service, so here's what I've done:
Created a custom URL category called "GoogleDocs" containing the following URLs:
I also have another custom URL category called "Whitelist" that is set to "alert" in all URL filtering security profiles. The idea for this custom URL category is to contain any URL we want to globally allow. I added the specific form's URL to the "Whitelist" category:
Technically, the real URL also has "/viewform?embedded=true" at the end but I've left that off in the "Whitelist" URL category object.
I've created a Decryption Policy that does SSL Forward Proxy decryption on traffic from inside to outside that matches the URL category "GoogleDocs".
In my base web filtering security rule, which we call "Common-Web", the URL filtering security profile that is used on that rule has the "Whitelist" category set to "alert" (as previously mentioned) and "GoogleDocs" set to "block". I also added the "google-docs-base" application object to ensure the rule would match.
Unfortunately, this does not seem to work. I am receiving a URL block when I try to visit the site with the embedded Google Docs form. The "Common-Web" rule is correctly matching, the traffic is correctly decrypted, and I am seeing the full form URL in the URL filtering logs, but the URL is being seen as part of the "GoogleDocs" URL category instead of the "Whitelist" URL category, hence the reason for the block (remember that we have the "GoogleDocs" category set to "block" in the URL filtering security profile).
How can I accomplish what I am trying to do? What I am trying does not appear to be working as intended.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!