Custom URL category - URL filtering logs displays which category?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Custom URL category - URL filtering logs displays which category?

L4 Transporter

Hey all,

Suppose I create a Custom URL category called "myCategory", including "*.microsoft.com" and "microsoft.com".

Before implementing the changes, I see in the URL logs the following category:

business-and-economy

After creating the category, I still see business-and-economy even after "clear url-cache all".

However, when I create a Custom URL category called "myLocalDomain" including ".test" and commit,

I see in the logs: myLocalDomain as category.

Why am I seeing contradicting results for categorized and un-categorized websites? What would be the expected behavior (so what should I see in the URL logs) ?

Kind regards

1 accepted solution

Accepted Solutions

Hi Bob,

I was able to get your desired behavior by configuring the URL Filtering Profile on the security rule to have 'myCustomCategory' set to action 'none'.

-Stefan

View solution in original post

7 REPLIES 7

L5 Sessionator

Hello bdeschut,

I was able to go to microsoft.com with the custom URL category configured and the URL logs indicated the category to be 'test' - which was the custom category in my case.

Please see the attached screenshot for my setup.

PANOS:5.0.7. URL version: 4169.

.Microsoft.jpg

Let us know if your setup/configuration looks the same.

Regards,
Kunal Adak

I suppose you used the URL filtering object in your policy rule to allow the traffic?

I only created the custom URL category object, I did not use it in a profile.

What I want to accomplish:

create a custom URL category with certain URL's in it and use that in a policy. However, in the URL logs, I still need to see the predefined category.

So system A can go to the URL's in the custom category, using the using the URL filtering profile also used by the rest of the rulebase.

(Our monitor checks a list of websites, both approved and denied, and alerts us when a website in unreachable or reachable. This way we get alerts for example when users can browse to adult websites.

We want to restrict the access from the monitor server though, to the URL's in the customer category)

Regards,

Bob

Hello Bob,

How are you planning to block adult websites by not using a URL filtering profile in a security rule. Are you trying to use the 'URL Category section' of the security rule and use action as 'Deny' in the same rule?

A quick peak at your configuration will be more helpful.

Regards,

Kunal Adak

Hey,

The policy rule will contain the same URL filtering profile as for the rest of the company users. But additionally, the rule needs to block access to all websites for our monitor, except those from the list in the custom URL category.

So in the custom URL category will be: google.com, microsoft.com, playboy.com,... so our monitor will be able to check that it can access google and microsoft, but get's the Palo Alto block page when going to playboy.com. Except for those sites, all access needs to be blocked, therefore the need for the custom URL category that will be added to the security rule.

But I am afraid that from then on, the Palo Alto will categorize google and microsoft as "myCustomCategory" instead of their respective predefined categories and it will show up in the logs and reports.

I hope this is clear, otherwise I will add some screenshots

Kind regards,

Bob

Hi Bob,

I was able to get your desired behavior by configuring the URL Filtering Profile on the security rule to have 'myCustomCategory' set to action 'none'.

-Stefan

I will test in my lab, thx for the hint!

Indeed sspringer, this does the trick. Thanks!

  • 1 accepted solution
  • 4035 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!