Why is the URL Filtering Policy Applied to non-HTTP or non-HTTPS Connections?

Created On 09/26/18 13:55 PM - Last Modified 06/06/23 19:46 PM


Resolution


Some connections that are not HTTP or HTTPS can be evaluated against the URL Filtering policy.

The screenshot below shows an SMTP connection which happened on port 25 (as it should) but a URL Category has been applied.

[Screenshot: 10-19-2012 11-11-06 AM.png]

This happens when the protocol switches from clear text to encrypted via a mechanism called StartTLS.

StartTLS can be used by IMAP and POP3 (RFC 2595), SMTP (RFC 3207), XMPP (RFC 6120), LDAP (RFC 2830) and NNTP (RFC 4642).

Once encrypted, the communication becomes SSL, which in turn causes the firewall to evaluate the connection against the URL Filtering policy.
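The clear-text-to-encrypted switch described above can be located in a session transcript. The sketch below is an added example, not Palo Alto Networks code or the firewall's own logic; it covers only the line-based SMTP, IMAP and POP3 cases, and the function name and sample transcripts are constructed for illustration.

```python
import re

# Client upgrade command and the server reply that accepts it.
# SMTP: RFC 3207. IMAP and POP3: RFC 2595.
UPGRADE = {
    "smtp": (re.compile(r"^STARTTLS\s*$", re.I), re.compile(r"^220[ -]")),
    "imap": (re.compile(r"^(\S+) STARTTLS\s*$", re.I), None),  # reply echoes the tag
    "pop3": (re.compile(r"^STLS\s*$", re.I), re.compile(r"^\+OK", re.I)),
}

def tls_upgrade_index(protocol, transcript):
    """Return the index of the server line that accepts the upgrade, or None.

    transcript is a list of (sender, line) tuples, sender being "C" or "S".
    Everything after the returned index is SSL/TLS on the same port.
    """
    cmd_re, ok_re = UPGRADE[protocol]
    pending = None  # regex for the accepting reply while an upgrade is outstanding
    for i, (sender, line) in enumerate(transcript):
        if sender == "C":
            m = cmd_re.match(line)
            if m is None:
                pending = None  # any other client command cancels the wait
            else:
                # IMAP acceptance is "<tag> OK", using the tag the client sent.
                pending = ok_re or re.compile(
                    r"^" + re.escape(m.group(1)) + r" OK\b", re.I)
        elif pending is not None and pending.match(line):
            return i
    return None

# Constructed sample sessions (not captured traffic).
SMTP_STARTTLS = [
    ("S", "220 mail.example.test ESMTP"),
    ("C", "EHLO client.example.test"),
    ("S", "250-mail.example.test"),
    ("S", "250-STARTTLS"),
    ("S", "250 OK"),
    ("C", "STARTTLS"),
    ("S", "220 Ready to start TLS"),
]
SMTP_REFUSED = SMTP_STARTTLS[:6] + [("S", "454 TLS not available"), ("C", "QUIT")]
SMTP_PLAIN = SMTP_STARTTLS[:5] + [("C", "MAIL FROM:<a@example.test>"), ("S", "250 OK")]
IMAP_STARTTLS = [("S", "* OK ready"), ("C", "a1 STARTTLS"), ("S", "a1 OK Begin TLS")]
POP3_STLS = [("S", "+OK POP3 ready"), ("C", "STLS"), ("S", "+OK Begin TLS")]

if __name__ == "__main__":
    print(tls_upgrade_index("smtp", SMTP_STARTTLS))
```

Only the sessions where this returns an index are the ones that become SSL on port 25, 143 or 110 and so match the behaviour the article describes; a refused or never-requested upgrade stays clear text.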

 

owner: kkondo


