can we log urls for deny rule?

Reply
Highlighted
L4 Transporter

can we log urls for deny rule?

I am trying to configure a sec policy so it will show the url log though the traffic is blocked. has anyone tried it? Please let me know.

thanks.

Tags (2)

Accepted Solutions
Highlighted
L2 Linker

Re: can we log urls for deny rule?

So I am doing an allow / deny by doing this.   For example geo-blocked country let's say Russia as destination:

  1. Security policy set to allow for TCP 80/443 (SSL/Web-Browsing) for destination Russia
  2. URL Filtering policy with all categories are set to Block.  This policy is assigned to Security policy mentioned above.
  3. Security policy set to Deny any any for Russia, this will cover the rest of the TCP/UDP ports

By doing this I create a Layer 3/4 Allow and a Layer 7 Deny.  I then can look at my URL Filtering logs and see exactly what URL's have been blocked for my Geo-Blocked country Russia.

 

View solution in original post


All Replies
Highlighted
L1 Bithead

Re: can we log urls for deny rule?

Hi There,

 

Yes, you can log the blocked URL sessions on firewall or panorama. Just enable the logging in the action Tab.

I would suggest to go through this short demo which will help answer related questions.

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClmgCAC

 

Thanks,

Yogesh

Highlighted
L4 Transporter

Re: can we log urls for deny rule?

@ydhanuka  Thanks for the response. I do have url filtering on allow rules but wasn't sure if the traffic is going to be allowed if I apply this to a deny rule.

Highlighted
L2 Linker

Re: can we log urls for deny rule?

So I am doing an allow / deny by doing this.   For example geo-blocked country let's say Russia as destination:

  1. Security policy set to allow for TCP 80/443 (SSL/Web-Browsing) for destination Russia
  2. URL Filtering policy with all categories are set to Block.  This policy is assigned to Security policy mentioned above.
  3. Security policy set to Deny any any for Russia, this will cover the rest of the TCP/UDP ports

By doing this I create a Layer 3/4 Allow and a Layer 7 Deny.  I then can look at my URL Filtering logs and see exactly what URL's have been blocked for my Geo-Blocked country Russia.

 

View solution in original post

Highlighted
Cyber Elite

Re: can we log urls for deny rule?

for that you need to create destination as any

then under url say specfic site.

then you can see url logs but no traffic logs

MP
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!