Best/Most Efficient way to view exact URLs


L2 Linker

We're currently in the process of moving over from Cisco to Palo and are still trying to work through everything.

We currently have a URL profile attached to every policy and the only actions we have on categories are allow and deny. Should we set everything to at least alert so that they would appear in the URL Filtering logs?

Is there a way to view what URL a client is going to within the threat logs? I know you can see the URL category in the threat logs, but I can't find a way to see the actual URL they went to like what is displayed in the URL Filtering logs?

Network Administrator
Accepted Solutions

Cyber Elite
Hi @bafergel 

You wrote the solution already. To see the URLs the clients are going to, you have to set the action in the URL Filtering profile to alert for all the categories.


L2 Linker

Correction, meant traffic logs instead of threat logs

Network Administrator

L2 Linker

As @vsys_remo said, you need to set the action to alert. I generally have a URL filtering profile called URL-Alert where most actions are alert so I can monitor what's going on. I find this is very helpful when trying to build a tighter policy, as the URL filtering engine allows you to see most FQDNs that are being requested.

Even on an alert profile I always set categories such as phishing, c2, malware et al. to block as a layer of protection.
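The advice in this thread can be checked against an exported configuration. The following is an added example, not code from any poster or from Palo Alto Networks: it flags URL Filtering profiles that still have categories set to allow (so no URL Filtering log entry is written for them) and profiles that do not block the high-risk categories named above. The XML layout, the profile name `Legacy-AllowDeny`, and the mapping of "c2" to `command-and-control` are assumptions made for this constructed sample.

```python
import xml.etree.ElementTree as ET

# Constructed sample. The entry/action/member layout is an assumption
# modelled on a PAN-OS configuration export; adjust to your own export.
SAMPLE_CONFIG = """
<profiles>
  <url-filtering>
    <entry name="Legacy-AllowDeny">
      <allow><member>news</member><member>phishing</member></allow>
      <block><member>malware</member></block>
    </entry>
    <entry name="URL-Alert">
      <alert><member>news</member><member>social-networking</member></alert>
      <block>
        <member>phishing</member><member>malware</member>
        <member>command-and-control</member>
      </block>
    </entry>
  </url-filtering>
</profiles>
"""

# Categories the thread says to block even in a monitoring profile
# ("c2" is assumed to map to the category name command-and-control).
MUST_BLOCK = {"phishing", "malware", "command-and-control"}


def audit_url_profiles(xml_text):
    """Return {profile: {"unlogged": [...], "not_blocked": [...]}} for profiles with findings."""
    findings = {}
    root = ET.fromstring(xml_text)
    for entry in root.findall(".//url-filtering/entry"):
        # Map each category to the action element it is listed under.
        actions = {}
        for action in entry:
            for member in action.findall("member"):
                actions[member.text.strip()] = action.tag
        # "allow" passes traffic without writing a URL Filtering log entry.
        unlogged = sorted(c for c, a in actions.items() if a == "allow")
        not_blocked = sorted(c for c in MUST_BLOCK if actions.get(c) != "block")
        if unlogged or not_blocked:
            findings[entry.get("name")] = {"unlogged": unlogged, "not_blocked": not_blocked}
    return findings


if __name__ == "__main__":
    for name, result in audit_url_profiles(SAMPLE_CONFIG).items():
        print(name, result)
```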

 

 
