Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
09-18-2019 02:44 PM
Anyone know what happens when you have traffic set to deny/drop and you have URL filtering profile applied? Does it log the traffic in URL monitor when its blocked?
09-18-2019 10:42 PM
Hello,
Logs will be created in the url filtering log. For example I've created a policy 'Block Malicious Web Categories' and have put the malware, phising, c&c in the url category option of the policy , action set to deny and attached a URL filtering profile with all categories set to block. To profile is there for logging and presenting the user with a block page.
kr,
Tommy
09-18-2019 10:56 PM
Hi Tommy,
will you still get a block page if URL filtering profile had all categories set to alert and action on rule set to deny?
Thanks
09-18-2019 10:58 PM
Hello,
No you wont get the block page if only the action is deny on the policy. It is the security profile that triggers the block page.
kr
Tommy
09-18-2019 11:39 PM
Hi Tommy,
Just did a test anytime I add a URL category to a deny rule I get the block page with or without the URL filtering profile. The URL filtering profile just adds extra entry in the URL filtering log.
Thanks
09-18-2019 11:56 PM
Hi,
Which version of PANos are you testing this on?
kr,
Tommy
09-19-2019 01:21 AM
@junior_r Please see below the detailed explanation of the firewall packet flow sequence.
Security Profiles/Content Inspection are ALWAYS applied after the policy evaluation. If the policy set to drop, the profiles will never be applied:
09-19-2019 05:27 AM
Hey,
I just re-tested it with panos 9.0.2 and apparently you don't need to url filter profile anymore to get a block page and it is also loggen in the url filter log.
I used to test this in 8.1 and there I did need to put the url profile...
kr,
Tommy
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
