This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Reputation score based policy? / URL-Filter w/o Threat Prevention

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Reputation score based policy? / URL-Filter w/o Threat Prevention

huangedmc
Not applicable

‎10-29-2013 07:27 AM

Question1:

We're in the middle of evaluating the PAN firewall 5050, and are generally impressed w/ what it can do, in terms of blocking & reporting, etc.

One feature we're looking for, but seems to be lacking is the ability to permit / block end users' web browsing based on reputation scores.

For example, a website that's normally in the allowed category, or not yet categorized in any way, may be compromised.

So while it's not in the "bad" URL category, it's temporarily assigned a low reputation score, based on the vendor's cloud.

If we were to use Cisco's IronPort, or CX firewall module, we would be able to set a policy that permits, or blocks websites that are assigned a low score (number ranges from -10 to +10).

Does PAN provide such a feature?

If not exactly the same feature, does it at least provide a similar mechanism to protect such threat? (legit site temporarily hacked, or a site that's not yet categorized, but is a known bad site)

Would that feature be included in URL-Filter, or Threat Prevention subscription, or something else?

=======================

Question 2:

It seems there are four different types of services that can only be utilized w/ a paid subscription.

We're mainly interested in URL-Filter, than Threat Prevention, then WildFire.

If we only get URL-Filter subscription, can we still identify apps & write policies based on the firewall's L7 visibility?

Or do we need the Threat Prevention subscription to do that?

thanks in advance for any reply.

0 Likes Likes
3 REPLIES 3

mbutt
L5 Sessionator

‎10-29-2013 08:23 AM

Hi,

To answer your first question i do not believe there is any feature where you can create policies based on reputation. However there is a mechanism of customer url category where you can yourself define which website to block. However this sounds to be an interesting feature and i will encourge you to contact your local Sales Engineer and have him file a feature request on your behalf.

For the second questions, yes even if you only have URL filtering license you will still be able to create security policies based on application and will have visibility on the firewall for L7. Threat prevention and URL are additional licenses that you can purchase but basic firewall will have app identification.


Hope this helps.

Numan

huangedmc
Not applicable
In response to mbutt

‎10-29-2013 10:12 AM

Thanks Numan,

Did you happen to see this thread, or were you notified because I had a support case open (00167798)?

Kevin

0 Likes Likes

mbutt
L5 Sessionator
In response to huangedmc

‎10-29-2013 09:43 PM

Hi Kevin,

It was just by chance.

Thanks

Numan

0 Likes Likes
  • 3197 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks