01-14-2022 01:18 PM
Hi All,
I'm trying to determine if this is possible.
We are blocking abc.company.com via an entry in a custom url category which is applied to the internet policy via a URL filtering profile.
I need to allow abc.company.com/specificpath while still blocking all other paths.
Nothing I've tried works. We have a whitelist rule above the main internet rule that we can put URLs in but I cannot get the firewall to match on the domain/path. Only on the domain. So when I put the domain/path into the override rule, it doesn't match and continues on down to the main internet rule where it gets blocked. Likewise, I have tried putting the domain/path into the override tab of the URL filtering profile directly and that doesn't work either.
Can the firewall match against domain/path or does it only match against the domain and subdomain?
Thanks for any insight anyone might have.
01-14-2022 10:41 PM
Do you have decryption enabled on this traffic so that the firewall can actually see the full URL?
01-18-2022 01:37 PM - edited 01-18-2022 01:43 PM
I was trying to do something similar before and the simple answer is that you cannot, using a custom URL category alone. When a URL matches multiple categories, the most severe action takes precedence. See the following:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClsmCAC
So you need to have abc.company.com in your block custom category. Then put abc.company.com/specific path in the override list of the Security Profiles -> URL Filtering profile applied to your Security Policy.
Edit: I just re-read your post and realized you did say that you had already put the more specific in the override list. If it is blocking based on the custom block list, I would assume it is handling SSL decrypt successfully. Perhaps the pattern match in the override is not correctly terminated?
02-14-2022 06:00 AM
Sorry for the late reply. Thanks to both for the response and information.