Logging of allowed URL attempts without allowing other traffic

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Logging of allowed URL attempts without allowing other traffic

L1 Bithead

Here is a simple example on what I am basically trying to do. 

We have two rules that allow access to certain domains. 

 

Rule 1 : Allow access to domainX.com 

Source: LAN
Destination: IP-Group

Security Profile: URL Filtering (Base-URL-Filtering-Profile)

Rule 2 : Allow access to domainY.com 

Source: LAN
Destination: Any 
Destination URL Category: DomainY.com 
Security Profile: URL Filtering (Base-URL-Filtering-Profile)


Assuming I wish to log the allowed attempts to DomainY, one might suggest that you just need to set the action as alert in the URL Filtering Base-URL-Filtering-Profile for that category. Yes, this is what is currently configured, however, wouldn't this cause web traffic that may have DomainY IP addresses in previous rules to be allowed ? If yes, isn't there a secure way to have it implemented where you are only logging attempts of URL allowed traffic without unintentionally allowing other traffic that could be matched by previous rules. 



1 REPLY 1

Cyber Elite
Cyber Elite

Would something like this work?

Rule 1 is more specific and will match only if website domain FQDN and URL match to domainY

 

Rule 1 : Allow access to domainY.com 

Source: LAN
Destination: FQDN-domainY.com
Destination URL Category: DomainY.com 
Security Profile: URL Filtering (Base-URL-Filtering-Profile)

 

Rule 2 : Allow access to domainX.com 

Source: LAN
Destination: IP-Group

Security Profile: URL Filtering (Base-URL-Filtering-Profile)

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011
  • 1053 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!