cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

custom url category issues

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Reply
zarina
L5 Sessionator
‎07-23-2013 12:26 PM
‎07-23-2013 12:26 PM

You can set the action to allow/deny URLs when the license expires: https://live.paloaltonetworks.com/docs/DOC-4329

0 Likes
Reply
panos
L6 Presenter
‎07-23-2013 02:07 PM
‎07-23-2013 02:07 PM

if you will only use your own custom list you don't need a license.That works without license.

0 Likes
Reply
dyang
L5 Sessionator
‎07-23-2013 04:52 PM
‎07-23-2013 04:52 PM

Hi everyone,

If you are only using custom categories or the allow/block list, you can do this without having a URL filtering license.  The "test url" CLI command queries the cloud and the on-device database for a URL category, which means that you must have a URL filtering license in order to use that command.  So for Brinkman's case where he's only using the custom category, this CLI command is not applicable. 

Brinkman, when you created your custom category, did you also attach it to a URL filtering object and attach that to your security policy?  From your description, it sounds like there's no URL filtering profile that's getting applied with the block.

--Doris

0 Likes
Reply
Brinkman
Not applicable
‎07-24-2013 01:10 PM
‎07-24-2013 01:10 PM

I can't use the profiles because I don't have the license for doing URL filtering, unless I'm missing something.

0 Likes
Reply
dyang
L5 Sessionator
‎07-24-2013 01:21 PM
‎07-24-2013 01:21 PM

Hi Brinkman,

You can use a URL filtering profile, but you can only use the allow/block list and custom category portion of a profile - you cannot use any of the categories that are provided to you without a URL filtering license.

--Doris

Reply
Blackstone
L0 Member
‎07-24-2013 04:49 PM
‎07-24-2013 04:49 PM

Since you know what websites you want to specifically allow, you can just add those specific IP's to an Address Group. Then change your first security rule and add that new address group to the list of destinations instead of the any option.

0 Likes
Reply
Brinkman
Not applicable
‎07-25-2013 05:42 AM
‎07-25-2013 05:42 AM

The problem with that is I have 8-10 sites that each use between 40-50 IP addresses and can have new ones added as the load increases on them, so I would have a situation where everything could work one day and then the next I would start to see random blocks because they added a new server that isn't in my IP list.

0 Likes
Reply
mr.linus
L4 Transporter
‎07-25-2013 06:57 AM
‎07-25-2013 06:57 AM

why not block on fqdn destoination object?

0 Likes
Reply
ukhapre
L3 Networker
‎07-26-2013 12:28 PM
‎07-26-2013 12:28 PM

URL filtering enabled         : True


You can remove the profile altogether or adjust URL filters accordingly


URL filtering matches in following order.


Block list

Allow list

Custom

DP cache

MP cache

Cloud

0 Likes
Reply
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

Latest Blogs
Latest Posts
Privacy Policy Terms of Use
Copyright 2007 - 2021 - Palo Alto Networks