This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

HELP: How to block access to any site except those on a whitelist...

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

HELP: How to block access to any site except those on a whitelist...

LCMember4427
L3 Networker

‎05-21-2018 12:43 PM

Hi,

 

On a certain Zone I need to block access to anything else but these URLs on a whitelist like this:

 

edition.cnn.com/health
edition.cnn.com/travel
money.cnn.com/technology/

 

How can I do that most elegantly (I have a VM-100 with latest PanOS)

 

Thanks a lot for a quick reply on this, I have tried with URL filtering but to no avail...

 

Tor

0 Likes Likes
3 REPLIES 3

Remo
L7 Applicator

‎05-21-2018 01:04 PM

  1. Configure and enable TLS decryption*: https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/decryption/configure-ssl-forward-pro...
  2. Create a custom URL category with your entries
  3. Create a security policy where you add your custom URL category directly into your rule (in the service tab)
  4. Do not create any other rule except a deny-all rule for that zone

*without TLS decryption you'll be only able to filter for the domainname but not edition.cnn.com/health

0 Likes Likes

LCMember4427
L3 Networker
In response to Remo

‎05-21-2018 01:19 PM

Hi,

 

Thanks for the quick reply. 

 

I have actually tried to create a custom URL category as you suggest using create URL Filtering Profile / Override tab and entered the list of 'white' URL's in the left (Allow List) listbox. 

 

Secondly I added this profile to the Security policy for the Zone in question.  However, despite this, it unfortunately still allows traffic from any URL.

 

What am I missing..?

0 Likes Likes

Remo
L7 Applicator
In response to LCMember4427

‎05-21-2018 01:21 PM

If you use your method: have you set every URL category to block?

0 Likes Likes
  • 2286 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks