As the following blog shows, a new PAN-DB URL category, command-and-control, will be released.
https://live.paloaltonetworks.com/t5/Community-Blog/Command-and-Control-C2/ba-p/179026
This article introduces the steps to make sure that the command-and-control category is recognized by the PAN-DB URL Filtering feature, using the 'test url' command.
Prerequisites
- PAN-DB URL Filtering is enabled on the Palo Alto Networks firewall
- Content Update 734 or later is installed on the Palo Alto Networks firewall
After ensuring your firewall meets the prerequisites:
Step 1
Log in to your firewall management WebUI with the administrative account. The URL is http:// or https:// followed by the management IP of your firewall.
Step 2
Go to Device > Setup > Content-ID and make sure there is no value in PAN-DB Server. If there is any value in PAN-DB Server, please delete it and commit the change.
Step 3
Log in to your firewall management CLI with the administrative account.
Run the following command to verify that the Command-and-Control category is properly recognized by the PAN-DB URL Filtering feature.
admin@myNGFW>test url urlfiltering.paloaltonetworks.com/test-command-and-control
urlfiltering.paloaltonetworks.com/test-command-and-control command-and-control (Base db) expires in 1800 seconds
urlfiltering.paloaltonetworks.com/test-command-and-control command-and-control (Cloud db)
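To run the same check across several firewalls, the saved 'test url' output can be parsed and both the Base db and Cloud db answers compared with the expected category. The script below is an added example, not part of the original article or of any Palo Alto Networks tooling; the function and variable names are assumptions, and the failing sample is constructed.

```python
import re

TEST_URL = "urlfiltering.paloaltonetworks.com/test-command-and-control"

# Result-line layout as shown in the sample output on this page:
#   <url> <category> (Base db) expires in <n> seconds
#   <url> <category> (Cloud db)
LINE_RE = re.compile(
    r"^(?P<url>\S+)\s+(?P<category>.+?)\s+\((?P<db>Base|Cloud) db\)"
    r"(?:\s+expires in (?P<ttl>\d+) seconds)?\s*$"
)

# Output copied from the article.
PAGE_OUTPUT = f"""admin@myNGFW>test url {TEST_URL}
{TEST_URL} command-and-control (Base db) expires in 1800 seconds
{TEST_URL} command-and-control (Cloud db)
"""

# Constructed failure case (not real firewall output): wrong category, no cloud answer.
CONSTRUCTED_BAD_OUTPUT = f"""admin@myNGFW>test url {TEST_URL}
{TEST_URL} unknown (Base db) expires in 1800 seconds
"""

def parse_test_url(output):
    """Return {db_name: (url, category, ttl_or_None)} for each result line."""
    results = {}
    for raw in output.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skips the echoed prompt/command and blank lines
        ttl = int(m["ttl"]) if m["ttl"] else None
        results[m["db"]] = (m["url"], m["category"], ttl)
    return results

def check_category(output, url=TEST_URL, expected="command-and-control"):
    """Return a list of problems; an empty list means both databases agree."""
    results = parse_test_url(output)
    problems = []
    for db in ("Base", "Cloud"):
        if db not in results:
            problems.append(f"no {db} db result")
        elif results[db][0] != url:
            problems.append(f"{db} db answered for {results[db][0]}")
        elif results[db][1] != expected:
            problems.append(f"{db} db returned {results[db][1]!r}")
    return problems
```

An empty list from check_category means the category is recognized by both databases; any entry names the database that needs attention.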