Is there a way to make URL custom allow list take precedence over the block lists

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Is there a way to make URL custom allow list take precedence over the block lists

L0 Member

Hi All,

 

I have an issue where we at times we block whole domains but we sometimes need to allow one sub-domain through.  We recently put in the Palo Alto content filter and we have found it behaves very differently to our previous content filter which read the custom allow list first before proceeding to the block list.  I found this article https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClsmCAC which explains that blocks take precedence but this has caused our organisation many headaches because of the way the Palo Alto's performs content filters.  I am wondering if there is a way we can still block whole domains but allow only certain sub-domains using the Palo Alto.  We have asked our managed service partner but they appear stumped on this one.  This is a fairly recent new install of the Palo Alto's and I am hoping we can resolve this issue or be advised if it is not possible at all.

 

Thanks

 

Grant.

1 REPLY 1

Cyber Elite
Cyber Elite
you could put all the blocklist URLs into a custom category and leave the allowed subdomains, that way the allowed gain precedence over the custom category
Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
  • 2241 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!