We're in the middle of evaluating the PAN firewall 5050, and are generally impressed w/ what it can do, in terms of blocking & reporting, etc.
One feature we're looking for, but which seems to be lacking, is the ability to permit / block end users' web browsing based on reputation scores.
For example, a website that's normally in the allowed category, or not yet categorized in any way, may be compromised.
So while it's not in the "bad" URL category, it's temporarily assigned a low reputation score, based on the vendor's cloud.
If we were to use Cisco's IronPort, or CX firewall module, we would be able to set a policy that permits, or blocks websites that are assigned a low score (number ranges from -10 to +10).
Does PAN provide such a feature?
If not exactly the same feature, does it at least provide a similar mechanism to protect against such a threat? (legit site temporarily hacked, or a site that's not yet categorized, but is a known bad site)
Would that feature be included in URL-Filter, or Threat Prevention subscription, or something else?
It seems there are four different types of services that can only be utilized w/ a paid subscription.
We're mainly interested in URL-Filter, then Threat Prevention, then WildFire.
If we only get URL-Filter subscription, can we still identify apps & write policies based on the firewall's L7 visibility?
Or do we need the Threat Prevention subscription to do that?
Thanks in advance for any reply.
To answer your first question, I do not believe there is any feature where you can create policies based on reputation. However, there is a mechanism of customer URL category where you can yourself define which website to block. However, this sounds to be an interesting feature and I will encourage you to contact your local Sales Engineer and have him file a feature request on your behalf.
For the second question, yes, even if you only have the URL filtering license you will still be able to create security policies based on application and will have visibility on the firewall for L7. Threat prevention and URL are additional licenses that you can purchase, but the basic firewall will have app identification.
Hope this helps.