URL Category "any"


L2 Linker

Hi,

I'm configuring my new PA3020. It is my first experience with the device and so far things seem to be going well. Here is my setup:

PA3020 positioned between current firewall and core switch in TAP mode.

URL Filtering license installed.

My question is:

When I look at the traffic logs I see that ~90% of the entries have a URL Category of "any". Even when the application is resolved, i.e. facebook-base, the URL category is "any".

Is this normal behavior?

Any assistance is greatly appreciated.

M

1 accepted solution

Accepted Solutions

URL categorisation only occurs if we perform URL filtering. Do you have a URL filtering profile applied to the policy that the traffic is hitting? It could simply be a URL filtering profile with all categories set to allow.


6 REPLIES 6

L4 Transporter

I think 'any' means that the traffic hasn't undergone url categorization. Have you downloaded and installed the URL database under dynamic updates?

You can test if the URL categorization is working with the command "test url"

Thanks for the reply.

URL database doesn't appear in the "Dynamic Updates" section:

ss1.png

The only place I can see that references it is in the "Licenses" section:

ss2.png

I've run the test url with the following results:

test url-info-host pokerstars.net

Ancestors info:

BM:

pokerstars.net,1,3,gambling,,

and

test url-info-cloud pokerstars.net

BM:

pokerstars.net,9,3,gambling

I'm not sure I understand the output.

M

I assumed you were using the brightcloud database, and not pan-db. From the screenshot, your pan-db URL looks to be downloaded just fine.

Try going through the troubleshooting part of the following document:

Also, you can find some useful commands here:

For pan-db the test commands look to be "test url-info-cloud" and "test url-info-host"

URL categorisation only occurs if we perform URL filtering. Do you have a URL filtering profile applied to the policy that the traffic is hitting? It could simply be a URL filtering profile with all categories set to allow.

That was it!

Added a URL filter profile to the policy and now URLs are being categorized.

Thanks a lot for the help!

M
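To find which security rules are producing the uncategorized entries discussed in this thread, the check below groups exported traffic-log rows by rule and flags rules where nearly every entry has URL category "any". It is an added example, not part of the original posts and not Palo Alto Networks code; the column names (`rule`, `app`, `category`), the rule names, the threshold and the sample rows are all assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of exported traffic-log rows. The column names are
# assumptions: rename them to match the headers of your own export.
SAMPLE_CSV = """rule,app,category
allow-web,facebook-base,any
allow-web,web-browsing,any
allow-web,ssl,any
allow-filtered,facebook-base,social-networking
allow-filtered,web-browsing,gambling
allow-filtered,dns,any
"""


def load_rows(text):
    """Parse CSV text into a list of dicts keyed by header name."""
    return list(csv.DictReader(io.StringIO(text)))


def rules_without_categorization(rows, threshold=0.9, min_entries=3):
    """Return {rule: share} for rules whose share of 'any' entries is at
    least `threshold`. Rules with fewer than `min_entries` rows are skipped
    so that a single log line does not flag a rule."""
    total = defaultdict(int)
    uncategorized = defaultdict(int)
    for row in rows:
        rule = row["rule"].strip()
        total[rule] += 1
        if row["category"].strip().lower() == "any":
            uncategorized[rule] += 1

    flagged = {}
    for rule, count in total.items():
        share = uncategorized[rule] / count
        if count >= min_entries and share >= threshold:
            flagged[rule] = round(share, 2)
    return flagged


if __name__ == "__main__":
    hits = rules_without_categorization(load_rows(SAMPLE_CSV))
    for rule, share in hits.items():
        print(f"{rule}: {share:.0%} of entries are 'any'; "
              "check whether a URL filtering profile is attached")
```

Rules that come back flagged are the ones to review for a missing URL filtering profile, which was the cause identified in the accepted answer.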

In my case: I don't have a URL filtering license, so I only have a couple of custom URL categories defined. On the rule I'm working on I don't have a URL filtering security profile applied. I only have my custom URL category used in the URL Category field of the security rule. As far as I know, in such a case URL categorisation should still be applied? Yet I have 'any' as the URL category in traffic logs, which implies URL categorization wasn't even applied.

Any ideas why this is not working?
