02-27-2013 08:46 AM
Hi,
I'm configuring my new PA3020. It is my first experience with the device and so far things seem to be going well. Here is my setup:
PA3020 positioned between current firewall and core switch in TAP mode.
URL Filtering license installed.
My question is:
When I look at the traffic logs I see that ~90% of the entries have a URL Category of "any". Even when the application is resolved, ie. facebook-base, the URL category is "any".
Is this normal behavior?
Any assistance is greatly appreciated.
M
02-27-2013 02:19 PM
URL categorisation only occurs if we perform URL filtering. Do you have a URL filtering profile applied to the policy that the traffic is hitting? It could simply be a URL filtering profile with all categories set to allow.
02-27-2013 01:07 PM
I think 'any' means that the traffic hasn't undergone url categorization. Have you downloaded and installed the URL database under dynamic updates?
You can test if the the url categorization is working with the command "test url"
02-27-2013 01:45 PM
Thanks for the reply.
URL database doesn't appear in the "Dynamic Updates" section:
The only place I can see that references it is in the "Licenses" section:
I've run the test url with the following results:
test url-info-host pokerstars.net
Ancestors info:
BM:
pokerstars.net,1,3,gambling,,
and
test url-info-cloud pokerstars.net
BM:
pokerstars.net,9,3,gambling
I'm not sure I understand the output.
M
02-27-2013 02:03 PM
I assumed you were using brightcloud database, and not pan-db. From the screenshot, you're pan-db url looks to be downloaded just fine.
Try going through the troubleshooting part of the following document:
Also, you can find some useful commands here:
For pan-db the test commands looks to be "test url-info-cloud" and "test url-info-host"
02-27-2013 02:19 PM
URL categorisation only occurs if we perform URL filtering. Do you have a URL filtering profile applied to the policy that the traffic is hitting? It could simply be a URL filtering profile with all categories set to allow.
02-27-2013 02:50 PM
That was it!
Added a URL filter profile to the policy and now URLs are being categorized.
Thanks alot for the help!
M
08-20-2014 01:21 AM
In my case: I don't have URL filtering license, so I only have a couple of custom URL categories defined. On the rule I'm working on I don't have URL filterig security profile applied. I only have my custom URL category used in URL Category field of security rule. As far as I know in such case URL categorisation should still be applied? Yet I have 'any' as URL category in traffic logs which implies URL categorization wasn't even applied.
Any ideas why is this not working?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
