there is a way to log with alert when using a cat in TAB "Url Category"?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

there is a way to log with alert when using a cat in TAB "Url Category"?

Not applicable

Hi,

All my URL profil is config with ALERT instead of allow.  So i log any URL block or accept.

But the problem is im not able to ALERT if i unblock or block a category under policies TAB name "URL Category".

I have no choice, my rules are set in this way.  I have a default URL profil that give access to most of the category.

But i have some sepcifics rules set using Tab "url category".  Im not able to do this using profiles for those specifics rules.

Maybe there a new feature request that will add ALERT choice in this tab?

1 accepted solution

Accepted Solutions

A URL filtering profile is required for a URL log entry to be created.  By specifying a URL in the "URL Category" portion of the security policy you will only see the category logged in the traffic log area.  If a URL filtering profile is applied to rule#1 with all categories set to alert then a URL log entry would be generated for traffic hitting that policy.

View solution in original post

8 REPLIES 8

L6 Presenter

Hi...The logging for the security rules including the dst=URL category under the Policies tab is the traffic log.  You can view the allow/deny in the traffic log under Monitor tab.  The logging for URL filtering profile(s) are found in the url filtering' log.  Thanks.

L5 Sessionator

Yes this i know it already.  But i need to log in URL log - using alert.  Its what is do for all URL profiles created.  But i have some rule that dont use any URL profiles.  Some rule use the TAB "URL Category".  Exemple : of my rules set :

rule#1: i open "internet-communiactions" using TAB "URL-CATEGORY", without any URL profil--> this is log only in traffic.  I cannot force the ALERT to get full URL logs in threat log...

Rule#2: the default rule, with the URL default profil.  Its give acces to all users for default categories need.

So what is missing is alert possibility in the "URL Category" tab.

A URL filtering profile is required for a URL log entry to be created.  By specifying a URL in the "URL Category" portion of the security policy you will only see the category logged in the traffic log area.  If a URL filtering profile is applied to rule#1 with all categories set to alert then a URL log entry would be generated for traffic hitting that policy.

Additionally, you will only see logs in the URL filtering log if the security policy allows the traffic. The PAN device needs to allow the traffic before content inspection can be performed and URL filtering applied and the appropriate alert of block action carried out.

kfindlen a écrit:

A URL filtering profile is required for a URL log entry to be created.  By specifying a URL in the "URL Category" portion of the security policy you will only see the category logged in the traffic log area.  If a URL filtering profile is applied to rule#1 with all categories set to alert then a URL log entry would be generated for traffic hitting that policy.

By doing this, (URL filtering profile applied to rule#1 with all cat set to alert) ,  this will open all category to users?

i suppose not, because i have put only internet communications in URL cat TAB?

Just need a confirmation to be sure.

thanks!

That is correct, the URL category in the security policy is part of the match criteria, meaning that the policy will only be hit when the site that they are going to matches a site in that URL category. Try it out with a test site in a custom category.

SCoupland a écrit:

That is correct, the URL category in the security policy is part of the match criteria, meaning that the policy will only be hit when the site that they are going to matches a site in that URL category. Try it out with a test site in a custom category.

yes i will test this today

thanks!

  • 1 accepted solution
  • 4606 Views
  • 8 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!