URL Filtering Category is "Unknown"

L1 Bithead


Guys,

I have a problem with our Palo Alto 5050: it shows a lot of websites with the category "unknown", although the BrightCloud website shows the right category type.

Any help?

Regards,

L7 Applicator

Re: URL Filtering Category is "Unknown"

Hello AhmedSheta,

By default, any newly registered domain will be "unknown" in PAN-DB until Palo Alto Networks reviews it, either manually by the analysis/threat team, or through the crawler (triggered on some event). Once an "unknown" is seen on the Palo Alto Networks servers, it will be put into a prioritized queue for crawling and classification. Once Palo Alto Networks determines a category, it will be included in the next database refresh.

Enable the global setting to force dynamic-url lookup:

# set deviceconfig setting url dynamic-url yes

# commit

You may clear the cache with the CLI command:

> clear url-cache all

A few related discussions/docs for your reference:

resolving

Many 'Unknown' Entries In URL Log

User Web Traffic Categorized as Unknown

Hope this helps.

Thanks

L1 Bithead

Re: URL Filtering Category is "Unknown"

Thanks so much for your reply,

but our problem is as below:

When you test the URL on the CLI using test url ......

it shows the category,

cli.jpg

but in the URL filtering logs it shows like this:

guui.jpg

So, any help?

L7 Applicator

Re: URL Filtering Category is "Unknown"

Could you please follow the doc and clear the cache from both the data plane and the management plane: How to Handle a URL Miscategorization

Thanks

L7 Applicator

Re: URL Filtering Category is "Unknown"

Any progress on this...?

Thanks

L1 Bithead

Re: URL Filtering Category is "Unknown"

It works, but should I do this manually every time I see unknown traffic? Why does the Palo Alto not adjust it directly?

Regards,

L7 Applicator

Re: URL Filtering Category is "Unknown"

Hello AhmedSheta,

The device will automatically refresh its cache table with updated information from the cloud. There is a process that executes attempts to see if any cached entry in the DP URL cache has been updated with the new on-device database.

It can be manually cleared using the following CLI command from the Management-Plane:

> delete dynamic-url <argument>

You can manually set the dynamic URL cache timeout value through the following CLI command:

> debug device-server reset url dynamic-url-timeout <1-43200>

It can be manually cleared using the following CLI command from the Data-Plane:

> clear url-cache

Thanks

L7 Applicator

Re: URL Filtering Category is "Unknown"

AhmedSheta, you can change the default cache time to a shorter interval. By default this is set to a week. I like to reduce this to one day. This prevents the issues you have here with newly categorized sites not being properly recognized.

Updates in url filtering may be delayed by days in application to sessions

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center