custom url category issues

Reply
Highlighted
L5 Sessionator

You can set the action to allow/deny URLs when the license expires: https://live.paloaltonetworks.com/docs/DOC-4329

Highlighted
L6 Presenter

if you will only use your own custom list you don't need a license.That works without license.

Highlighted
L5 Sessionator

Hi everyone,

If you are only using custom categories or the allow/block list, you can do this without having a URL filtering license.  The "test url" CLI command queries the cloud and the on-device database for a URL category, which means that you must have a URL filtering license in order to use that command.  So for Brinkman's case where he's only using the custom category, this CLI command is not applicable. 

Brinkman, when you created your custom category, did you also attach it to a URL filtering object and attach that to your security policy?  From your description, it sounds like there's no URL filtering profile that's getting applied with the block.

--Doris

Highlighted
Not applicable

I can't use the profiles because I don't have the license for doing URL filtering, unless I'm missing something.

L5 Sessionator

Hi Brinkman,

You can use a URL filtering profile, but you can only use the allow/block list and custom category portion of a profile - you cannot use any of the categories that are provided to you without a URL filtering license.

--Doris

Highlighted
L0 Member

Since you know what websites you want to specifically allow, you can just add those specific IP's to an Address Group. Then change your first security rule and add that new address group to the list of destinations instead of the any option.

Highlighted
Not applicable

The problem with that is I have 8-10 sites that each use between 40-50 IP addresses and can have new ones added as the load increases on them, so I would have a situation where everything could work one day and then the next I would start to see random blocks because they added a new server that isn't in my IP list.

Highlighted
L4 Transporter

why not block on fqdn destoination object?

Highlighted
L3 Networker

URL filtering enabled         : True


You can remove the profile altogether or adjust URL filters accordingly


URL filtering matches in following order.


Block list

Allow list

Custom

DP cache

MP cache

Cloud

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!