To the world, creating Security rule for a specific user (call it, a rule to permit access dodgy website access), what's involved in "cascading" the rule - so, if there's no matches on that rule, that same user would be challenged against a General Web Access Rule? Is it possible to cascade the rules? Regards, Christopher
Solved! Go to Solution.
I'm not sure what you mean by cascade. But the PA rule base is such that if you match the conditions in that rule it applies and the rule is operative and further processing stops.
If you don't match the conditions the next rule is check and so on down the rule base until a match is found or there are no more rules and the default action occurs.
So as soon as you match the web filtering rule and evaluate it further processing stops.
Thanks "pulukas " - thinking maybe of another way in answering question, saying ...
* If one Rule has a specific URL-filter applied (and want to apply this to a specific user), how do I configure it to check "just one custom category" then ...
* Fall down to the next rule
So just test one (1) custom category? Vs a url filter that tests all categories?
No, this is just not how firewalls in general work. Not just Palo Alto.
They operate on a a match and done basis.
Thanks "pulukas" - something tells me what I'm asking is still not coming across correctly (not around the Access element, but around the "match only 1 URL" filtering), that's ok - I'll do some digging / testing / etc...
YEA! I found what I was looking for! Had to speak the language of the 'net! (tell it do vs want it do, etc...)
Not sure of the compariable article within LIVE?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!