can we log urls for deny rule?


L4 Transporter

I am trying to configure a sec policy so it will show the URL log though the traffic is blocked. Has anyone tried it? Please let me know.

Thanks.

1 accepted solution

Accepted Solutions

L2 Linker

So I am doing an allow / deny by doing this. For example, geo-blocked country, let's say Russia, as destination:

  1. Security policy set to allow for TCP 80/443 (SSL/Web-Browsing) for destination Russia
  2. URL Filtering policy with all categories set to Block. This policy is assigned to the Security policy mentioned above.
  3. Security policy set to Deny any any for Russia; this will cover the rest of the TCP/UDP ports

By doing this I create a Layer 3/4 Allow and a Layer 7 Deny. I then can look at my URL Filtering logs and see exactly what URLs have been blocked for my Geo-Blocked country Russia.
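A simplified first-match model of the three-rule layout in the accepted answer, added here as an illustration and not taken from the original post or from PAN-OS: it shows why the order of the rules decides whether a blocked URL can be logged, and audits a rulebase for the inverted order. The `Rule` fields, the rule names, the region code `RU`, the sample URL and the premise that a URL profile is consulted only on an allow rule are assumptions of the model.

```python
# Simplified first-match model; field and rule names are hypothetical,
# not PAN-OS configuration syntax.
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    dest: str                 # region code, or "any"
    ports: frozenset          # empty set = any port
    action: str               # "allow" or "deny"
    url_profile: dict = None  # category -> action; consulted only on allow (assumption)

# Constructed rulebase for the geo-blocked destination "RU"
RULES = [
    Rule("ru-web-l7-block", "RU", frozenset({80, 443}), "allow", {"*": "block"}),
    Rule("ru-deny-rest", "RU", frozenset(), "deny"),
]

def matches(rule, dest, port):
    return rule.dest in (dest, "any") and (not rule.ports or port in rule.ports)

def evaluate(rules, dest, port, url=None, category="unknown"):
    """Return (verdict, url_log_entry) for one session; first matching rule wins."""
    for r in rules:
        if not matches(r, dest, port):
            continue
        if r.action == "deny":
            return "blocked", None        # dropped at L3/4, no URL was inspected
        profile = r.url_profile or {}
        if url and profile.get(category, profile.get("*")) == "block":
            return "blocked", url         # L7 deny: URL is known and can be logged
        return "allowed", None
    return "blocked", None                # assumed default deny

def audit(rules, region):
    """Flag layouts that would keep blocked URLs out of the URL log."""
    findings = []
    for i, r in enumerate(rules):
        if r.dest != region:
            continue
        if r.action == "deny" and not r.ports and not any(
                p.dest == region and p.action == "allow"
                and (p.url_profile or {}).get("*") == "block" for p in rules[:i]):
            findings.append(f"{r.name}: no URL-filtered allow rule above this deny-all")
        if r.action == "allow" and (r.url_profile or {}).get("*") != "block":
            findings.append(f"{r.name}: allow rule does not block every category")
    return findings
```
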

 


4 REPLIES 4

L2 Linker

Hi there,

Yes, you can log the blocked URL sessions on the firewall or Panorama. Just enable the logging in the Action tab.

I would suggest going through this short demo, which will help answer related questions.

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClmgCAC

Thanks,

Yogesh

@ydhanuka Thanks for the response. I do have URL filtering on allow rules but wasn't sure if the traffic is going to be allowed if I apply this to a deny rule.


Cyber Elite

For that you need to create destination as any,

then under URL say specific site.

Then you can see URL logs but no traffic logs.

MP
