06-03-2021 09:59 AM
We're currently in the process of moving over from Cisco to Palo and are still trying to work through everything.
We currently have a URL profile attached to every policy and the only actions we have on categories are allow and deny. Should we set everything to at least alert so that they would appear in the URL Filtering logs?
Is there a way to view what URL a client is going to within the threat logs? I know you can see the URL category in the threat logs but I can't find a way to see the actual URL they went to like what is displayed in the URL Filtering logs?
06-03-2021 06:39 PM
Hi @bafergel
You wrote the solution already. To see the urls the clients are going to, you have to set the action in the url filtering profile to alert for all the categories.
06-03-2021 10:00 AM
Correction, meant traffic logs instead of threat logs
06-03-2021 06:39 PM
Hi @bafergel
You wrote the solution already. To see the urls the clients are going to, you have to set the action in the url filtering profile to alert for all the categories.
06-03-2021 09:34 PM
As @vsys_remo said you need to set the action to alert. I generally have a URL filtering profile called URL-Alert where most actions are alert so I can monitor what's going on. I find this is very helpful when trying to build a tighter policy as the URL filtering engine allows you to see most FQDNs that are being requested.
Even on an alert profile I always set categories such as phishing, c2, malware et al to block as a layer of protection.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
