Anyone know what happens when you have traffic set to deny/drop and you have URL filtering profile applied? Does it log the traffic in URL monitor when its blocked?
Logs will be created in the url filtering log. For example I've created a policy 'Block Malicious Web Categories' and have put the malware, phising, c&c in the url category option of the policy , action set to deny and attached a URL filtering profile with all categories set to block. To profile is there for logging and presenting the user with a block page.
will you still get a block page if URL filtering profile had all categories set to alert and action on rule set to deny?
No you wont get the block page if only the action is deny on the policy. It is the security profile that triggers the block page.
Just did a test anytime I add a URL category to a deny rule I get the block page with or without the URL filtering profile. The URL filtering profile just adds extra entry in the URL filtering log.
Which version of PANos are you testing this on?
@junior_r Please see below the detailed explanation of the firewall packet flow sequence.
Security Profiles/Content Inspection are ALWAYS applied after the policy evaluation. If the policy set to drop, the profiles will never be applied:
I just re-tested it with panos 9.0.2 and apparently you don't need to url filter profile anymore to get a block page and it is also loggen in the url filter log.
I used to test this in 8.1 and there I did need to put the url profile...
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!