I would like to suggest modifying the URL Filtering rules so that we can specify an action on the URL Allow list. Specifically, I would like to select "ALERT."
I have around 20 URL filter policies. I have MANY exceptions to rules. For example, Social-Media is blocked, yet Joe gets Facebook, and Mary gets LinkedIN. To create custom URL categories for all the individual exceptions would be a nightmare to maintain and cause dependency issues, as others have mentioned in the forums. Every time I'd want to create a new custom category I would have to go in and modify the allow/block/continue rule for every other policy. It would grow exponentially.
I also have everything in the URL filtering set to either block, alert, or continue. I need everything logged in the URL reports. However, if I add something to the allow list, it is not recorded in the URL filtering logs. I searched these forums and someone suggested putting the allow list in the block list, and setting the action to Alert.
I'm doing this, however it's not ideal. The logs show the traffic as "Block List" which is very confusing.
I suggest that Palo Alto add the ability to "Alert" on the Allow List.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!