URL Filtering Implementation Best Practice

Reply
Highlighted
L0 Member

URL Filtering Implementation Best Practice

Hell everyone,

 

 I have a vendor that is going to work on deploying the URL Filtering service in our Pan3020 but I wanted to undersandt/learn what the best approach is in order for to come up with an outcome that is manageable once they leave us. As of today, our security profiles such as Wildfire, Antivirus, etc. are applied to each rule. This deployment took a long time due to the amount of rules oure firewall has so the vendor has proposed to create just certain security policy rules for filtering instead of deploying the profile to each single rule.

 

 I am sure that this could probably be done using the CLI and some sort of scrip but again, I would like to hear other's recommendations regarding this matter. In the future, I am positive that we are going to need to make changes so doing the right thing now will help us. 

 

Thank you in advanced.

L5 Sessionator

Re: URL Filtering Implementation Best Practice

I would start by reviewing this video and article that Joe put together.  It is still relevant today.

 

https://live.paloaltonetworks.com/t5/Tutorials/How-to-Configure-URL-Filtering-Video/ta-p/59300

 

P.S. There are other articles including one covering advanced URL Filtering at the bottom of the above page.

L7 Applicator

Re: URL Filtering Implementation Best Practice

Hello,

Since URL filtering is heavily politically charged, what I usually do is give the exec board a list of all the categories and have them tell me what to block.

https://live.paloaltonetworks.com/t5/Management-Articles/Complete-List-of-PAN-DB-URL-Filtering-Categ...

 

This keeps me out from the abuse the users tend to throw around.

 

Another thing you can do it enable it and allow all categories, then run reports to see what the users are doing and present that to the board.

 

Hope that helps.

L0 Member

Re: URL Filtering Implementation Best Practice

Thank you to all for your answers. I agree that URL filtering is a very political topic; however, I was hoping for right/wrong suggestions regarding the implementation such as, keep in mind this or this will happen, etc. For now, those videos and the URL description document are both very informative.

L7 Applicator

Re: URL Filtering Implementation Best Practice

Hello,

You may come across a few sites that are miscategorized, but you can submit them to be changed. Once thing you can try is to put in a policy that allows all categories (ugly I know) and then run reports on ones that are hit the most.

 

I would highly suggest you block the following at a minimum:

 

command-and-control

copyright-infringement

dynamic-dns

extermism

malware

phishing

proxy-avoidance-and-anonymizers

questionable

unknown

 

Start blocking these and go from there. One thing somone else posted a while back was to run a report on the executives browsing history and present that to the board :).

 

Good luck.

 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!