This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Cookie Policy. Click Preferences to customize your cookie settings.
Custom URL Category in security rule - traffic log shows allowed with "any" in URL Category field
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- Discussions
- General Topics
- Custom URL Category in security rule - traffic log shows allowed with "any" in URL Category field
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
Custom URL Category in security rule - traffic log shows allowed with "any" in URL Category field
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
08-16-2017 08:21 AM
I've read the articles about the processes that take place when analyzing traffic and understand that sometimes there could be an allow status when it seems there shouldn't be. However it also seems that if the traffic truly shouldn't be allowed there would be an associated log entry with some kind of denial.
In my case there is no associated denial and I'm would still like to know why this traffic seems to be allowed when apparently not matching my Custom URL Category.
Forgive me if I'm still just misunderstanding something about this.
Thanks.
Here's what I'm seeing in my logs:
12 REPLIES 12
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
08-16-2017 08:27 AM
What if you also create a URL Filtering Profile (call it Alert All URL), configured with "alert" for all categories, and attach it to this rule?
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
08-16-2017 09:11 AM
Hi @herrmoss
Because of the any I think the reason is one of the following:
- You did not attach the custom URL category to the policy
- Traffic hits a rule before your rule with the attached custom URL category
If you share some more screenshots (logs with column 'rule', security policy in question, custom URL category), we should be able to help 😉
Regards,
Remo
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
08-16-2017 11:12 AM
Thanks for the reply.
Unfortunately we don't have a URL Filtering license as we have another solution for that function.
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
08-16-2017 11:33 AM
For that what you intended to do (at least what I understood) - blocking or allowing specific websites with a custom URL category directly referenced in the security policy, you don't need an URL filtering license. Even for the logging part, mentionned by @jvalentine, there are workarounds that you will see the URL logs, without the license (only a workaround, not a recommended way)
Related Content
Like what you see?
Show your appreciation!
Click Like if a post is helpful to you or if you just want to show your support.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks