Anyone know what happens when you have traffic set to deny/drop and you have URL filtering profile
cancel
Showing results for 
Search instead for 
Did you mean: 

Anyone know what happens when you have traffic set to deny/drop and you have URL filtering profile

L3 Networker

Anyone know what happens when you have traffic set to deny/drop and you have URL filtering profile applied? Does it log the traffic in URL monitor when its blocked?

8 REPLIES 8

Cyber Elite
Cyber Elite

no traffic will not log  in url filtering profile.

MP

L2 Linker

Hello,

 

Logs will be created in the url filtering log. For example I've created a policy 'Block Malicious Web Categories' and have put the malware, phising, c&c in the url category option of the policy , action set to deny and attached a URL filtering profile with all categories set to block. To profile is there for logging and presenting the user with a block page.

 

kr,

Tommy

ACE8, PCNSE,PCNSC
PSE Platform Professional
PSE Endpoint Professional

Hi Tommy,

 

will you still get a block page if URL filtering profile had all categories set to alert and action on rule set to deny?

 

Thanks

Hello,

 

No you wont get the block page if only the action is deny on the policy. It is the security profile that triggers the block page.

 

kr

Tommy

ACE8, PCNSE,PCNSC
PSE Platform Professional
PSE Endpoint Professional

Hi Tommy,

 

Just did a test anytime I add a URL category to a deny rule I get the block page with or without the URL filtering profile. The URL filtering profile just adds extra entry in the URL filtering log.

 

Thanks

Hi,

 

Which version of PANos are you testing this on?

 

kr,

Tommy

ACE8, PCNSE,PCNSC
PSE Platform Professional
PSE Endpoint Professional

L4 Transporter

@junior_r Please see below the detailed explanation of the firewall packet flow sequence. 

Security Profiles/Content Inspection are ALWAYS applied after the policy evaluation. If the policy set to drop, the profiles will never be applied: 

 

https://knowledgebase.paloaltonetworks.com/servlet/rtaImage?eid=ka10g000000bxnJ&feoid=00N0g000003VPS...

 

Hey,

 

I just re-tested it with panos 9.0.2 and apparently you don't need to url filter profile anymore to get a block page and it is also loggen in the url filter log.

 

I used to test this in 8.1 and there I did need to put the url profile...

 

kr,

 

Tommy

ACE8, PCNSE,PCNSC
PSE Platform Professional
PSE Endpoint Professional
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!