I work in a large K-12. We had used Blue Coat for our Web Security/Proxy before moving entirely to PAN. With Blue Coat we had the ability to produce reports on users search terms. Does anyone know if this is possible within PAN-OS?
Try to find something that stands out in search query.
For example if you search Palo Alto Networks in Chrome search term is:
So you could start with something like:
( url contains 'www.google' ) and ( url contains 'q=' ) and !( url contains 'doubleclick' )
Or perhaps something like safe search. While it may not report on what is typed, it may prevent the kids from seeing things they shouldnt...
Just another thought...
Also keep in mind that if you don't decrypt then URL log shows only www.google.com/ as this is visible on the certificate.
Actual search term goes inside encrypted payload.
Thanks for the good info.
Build in reporting of search queries, especially suspicious keywords, would be a nice feature to add for K-12 customers who need to stay CIPA compliant.
We still like our PA-3020 though, for all the other great work it does for us.
We have been wanting this feature for 3 years now and have brought it up to Palo and logged it as a feature request. It must not be a priority for Palo.
The best product in this regard was Lightspeed Systems content filter. They have a very nice reporing system and logging layout. It would also log keyword searches by user and give daily reports and real-time data on them. Sadly, the rest of the product wasn't great, but reports and kwd searches/reports were spot-on.
I'd love to have this in Palo. I hate their reporting and have wanted an overhaul since the beginning. Being a K12 school district, we have different needs than corporate sector.
+1 on Lightspeed Rocket being great at reporting details. We are needing to refresh our Rocket appliance hardware this year. $20k for a new appliance and 1 year of web filtering, and MDM. I'd gladly put that funding toward a redundant PA-3020 if PAN-OS were more configurable for K-12 environments.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!