Traffic hitting policy rule it shouldn't

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Traffic hitting policy rule it shouldn't

L1 Bithead



PanOS 9.1.0

I need to block traffic to certain websites and domains.

I created a URL Category object and put just one site inside (

I then created a firewall rule like this:


Source zone: LAN

Source address: any

Dest Zone: WAN

Dest address: any

Application: any

Service/URL Category: my URL Category Object

Action: ALLOW


(I put it on Allow because for at first I just wanted to check what traffic is hitting this rule).

I immediately noticed a very high hit count on the rule and when I viewed the rule logs I noticed it is allowing loads of traffic that doesn't relate to

I'm affraid if I put this rule to Block it will block my outgoing traffic.


What am I missing 


My testing shows that it works as intended. If your traffic was allowed after changing that rule to action 'Deny', I would look into the order of the security policy rules and make sure that another rule didn't allow the traffic.

I don't have log at session start, only at session end.

And I checked again, and the traffic is allowed in a rule that is after my block rule.

So that's strange why the fw can't determine the URL category.

What are the URL's in the URL category? Can you test with ''?

For testing purposes I tried with '' 🙂



The URL should be ''.



Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!