Anyone know what happens when you have traffic set to deny/drop and you have URL filtering profile

L3 Networker

Anyone know what happens when you have traffic set to deny/drop and you have a URL filtering profile applied? Does it log the traffic in URL monitor when it's blocked?

L4 Transporter

Re: Anyone know what happens when you have traffic set to deny/drop and you have URL filtering profi

No, traffic will not log in the URL filtering profile.

L2 Linker

Hello,

Logs will be created in the URL filtering log. For example, I've created a policy 'Block Malicious Web Categories' and have put malware, phishing, and c&c in the URL category option of the policy, with the action set to deny, and attached a URL filtering profile with all categories set to block. The profile is there for logging and presenting the user with a block page.

kr,

Tommy

ACE8, PCNSE, PCNSC
PSE Platform Professional
PSE Endpoint Professional

L3 Networker

Hi Tommy,

Will you still get a block page if the URL filtering profile had all categories set to alert and the action on the rule set to deny?

Thanks

L2 Linker

Hello,

No, you won't get the block page if only the action is deny on the policy. It is the security profile that triggers the block page.

kr

Tommy

L3 Networker

Hi Tommy,

Just did a test: anytime I add a URL category to a deny rule I get the block page, with or without the URL filtering profile. The URL filtering profile just adds an extra entry in the URL filtering log.

Thanks

L2 Linker

Hi,

Which version of PAN-OS are you testing this on?

kr,

Tommy

L4 Transporter

@junior_r Please see below the detailed explanation of the firewall packet flow sequence.

Security Profiles/Content Inspection are ALWAYS applied after the policy evaluation. If the policy is set to drop, the profiles will never be applied:

https://knowledgebase.paloaltonetworks.com/servlet/rtaImage?eid=ka10g000000bxnJ&feoid=00N0g000003VPS...

L2 Linker

Hey,

I just re-tested it with PAN-OS 9.0.2 and apparently you don't need the URL filter profile anymore to get a block page, and it is also logged in the URL filter log.

I used to test this in 8.1 and there I did need to put the URL profile...

kr,

Tommy
