why custom url category action should be none as best practice

L4 Transporter

why custom url category action should be none as best practice

I read that for best practice, if we make a custom URL category, its action should be none for security reasons.

Need to understand why.

L7 Applicator

Re: why custom url category action should be none as best practice

Hello,

Not sure where you read that. I always set 'allowed' categories to 'Alert'. This way they get logged and it's easier to determine what is getting allowed/blocked.

Regards,

L4 Transporter

Re: why custom url category action should be none as best practice

L7 Applicator

Re: why custom url category action should be none as best practice

OK, I listened to it and I see what they are doing. Let's say you make a custom category and the URL is xyz.com, and you have it set to 'Alert'. Now let's say that site gets compromised and gets recategorized by PAN as malicious. What she was saying is that it could potentially still be allowed because you set the custom category as 'Alert'; by having it set to none, she is saying it would take the default categorization of the PAN category list:

none (custom URL category only)—If you have created custom URL categories, set the action to none to allow the firewall to inherit the URL filtering category assignment from your URL database vendor. Setting the action to none gives you the flexibility to ignore custom categories in a URL filtering profile, while allowing you to use the custom URL category as a match criteria in policy rules (Security, Decryption, and QoS) to make exceptions or to enforce different actions. To delete a custom URL category, you must set the action to none in any profile where the custom category is used. For information on custom URL categories, see Objects > Custom Objects > URL Category.

Hope that makes sense.

L4 Transporter

Re: why custom url category action should be none as best practice

Seems this was a bit tricky.

Thanks for explaining this to me.
