I'm configuring my new PA3020. It is my first experience with the device and so far things seem to be going well. Here is my setup:
PA3020 positioned between current firewall and core switch in TAP mode.
URL Filtering license installed.
My question is:
When I look at the traffic logs I see that ~90% of the entries have a URL Category of "any". Even when the application is resolved, ie. facebook-base, the URL category is "any".
Is this normal behavior?
Any assistance is greatly appreciated.
Thanks for the reply.
URL database doesn't appear in the "Dynamic Updates" section:
The only place I can see that references it is in the "Licenses" section:
I've run the test url with the following results:
test url-info-host pokerstars.net
test url-info-cloud pokerstars.net
I'm not sure I understand the output.
I assumed you were using brightcloud database, and not pan-db. From the screenshot, you're pan-db url looks to be downloaded just fine.
For pan-db the test commands looks to be "test url-info-cloud" and "test url-info-host"
In my case: I don't have URL filtering license, so I only have a couple of custom URL categories defined. On the rule I'm working on I don't have URL filterig security profile applied. I only have my custom URL category used in URL Category field of security rule. As far as I know in such case URL categorisation should still be applied? Yet I have 'any' as URL category in traffic logs which implies URL categorization wasn't even applied.
Any ideas why is this not working?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!