Suppose I create a Custom URL category called "myCategory", including "*.microsoft.com" and "microsoft.com".
Before implementing the changes, I see in the URL logs the following category:
After creating the category, I still see business-and-economy even after "clear url-cache all".
However, when I create a Custom URL category called "myLocalDomain" including ".test" and commit,
I see in the logs: myLocalDomain as category.
Why am I seeing contradicting results for categorized and un-categorized websites? What would be the expected behavior (so what should I see in the URL logs) ?
I was able to go to microsoft.com with the custom URL category configured and the URL logs indicated the category to be 'test' - which was the custom category in my case.
Please see the attached screenshot for my setup.
PANOS:5.0.7. URL version: 4169.
Let us know if your setup/configuration looks the same.
I suppose you used the URL filtering object in your policy rule to allow the traffic?
I only created the custom URL category object, I did not use it in a profile.
What I want to accomplish:
create a custom URL category with certain URL's in it and use that in a policy. However, in the URL logs, I still need to see the predefined category.
So system A can go to the URL's in the custom category, using the using the URL filtering profile also used by the rest of the rulebase.
(Our monitor checks a list of websites, both approved and denied, and alerts us when a website in unreachable or reachable. This way we get alerts for example when users can browse to adult websites.
We want to restrict the access from the monitor server though, to the URL's in the customer category)
How are you planning to block adult websites by not using a URL filtering profile in a security rule. Are you trying to use the 'URL Category section' of the security rule and use action as 'Deny' in the same rule?
A quick peak at your configuration will be more helpful.
The policy rule will contain the same URL filtering profile as for the rest of the company users. But additionally, the rule needs to block access to all websites for our monitor, except those from the list in the custom URL category.
So in the custom URL category will be: google.com, microsoft.com, playboy.com,... so our monitor will be able to check that it can access google and microsoft, but get's the Palo Alto block page when going to playboy.com. Except for those sites, all access needs to be blocked, therefore the need for the custom URL category that will be added to the security rule.
But I am afraid that from then on, the Palo Alto will categorize google and microsoft as "myCustomCategory" instead of their respective predefined categories and it will show up in the logs and reports.
I hope this is clear, otherwise I will add some screenshots
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!