06-15-2023 06:45 AM - edited 06-15-2023 06:48 AM
My predecessor managing the Palo firewalls always entered a website/URL four times in the URL Blocklist using the format below as an example:
netflix.com
*.netflix.com
netflix.com/
*.netflix.com/
Is this really necessary?
Doesn't *.netflix.com accomplish the same thing or are these all necessary?
The examples here: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000oM79CAE
don't really answer the question - what do I enter to block everything to google.com (using the example in the doc) regardless of subdomains or pages or whatever.
Thanks. This may seem obvious, but I'm not following this for some reason, or maybe you really do need all four entries.
06-15-2023 08:24 AM - edited 06-15-2023 08:35 AM
It depends on the PAN-OS version you are running. I believe that before 10.2, Palo by default appended URLs with a "*" at the end if nothing was specified, which is why you would create a URL with "/" at the end. But in 10.2 and after, Palo now by default appends "/" if nothing is specified. The URL *.netflix.com wouldn't hit if the URL was just netflix.com, but would cover things like www.netflix.com.
So, assuming you're running a pre-10.2 PAN-OS version, here are some examples of URLs that would be hit:
netflix.com - netflix.com.phishing.com
*.netflix.com - www.netflix.com.test.com
netflix.com/ - netflix.com or netflix.com/movie/play
*.netflix.com/ - www.netflix.com or www.netflix.com/movie/play
PAN-OS 10.2 or later:
netflix.com - netflix.com or netflix.com/movie/play
*.netflix.com - www.netflix.com or www.netflix.com/movie/play
netflix.com/ - netflix.com or netflix.com/movie/play (netflix.com/ and netflix.com would be the same)
*.netflix.com/ - www.netflix.com or www.netflix.com/movie/play (*.netflix.com and *.netflix.com/ would be the same)
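To see what the four-entry pattern actually buys you, here is a small model of the matching rules the answer above describes. This is an added example, not code from the thread or from Palo Alto, and the rules are assumptions taken from that answer: an entry with no trailing "/" or "*" gets an implicit "*" before PAN-OS 10.2 and an implicit "/" from 10.2 on, "*" matches any run of characters, and a trailing "/" means "this host and any path under it". The sample URLs are constructed and include the lookalike cases from the answer plus a country-code variant (netflix.com.au). Under these assumed rules the two trailing-slash entries add nothing in either mode: before 10.2 the bare entry already matches everything the "/" form does (and more), and from 10.2 on the two forms are identical. The real engine may differ in details, so treat this as a way to reason about entries, not as an authoritative matcher.

```python
# Added example (not from the original post or from Palo Alto): a simplified
# model of PAN-OS URL Blocklist matching using the rules stated in the answer.
# Assumptions: bare entries get an implicit "*" (pre-10.2) or "/" (10.2+);
# "*" matches any characters; a trailing "/" means the host plus any path.
import re
from urllib.parse import urlsplit


def normalize_entry(entry, panos_10_2_or_later):
    """Apply the implicit suffix the firewall is assumed to add to a bare entry."""
    entry = entry.strip().lower()
    if entry.endswith("/") or entry.endswith("*"):
        return entry
    return entry + ("/" if panos_10_2_or_later else "*")


def entry_to_regex(entry, panos_10_2_or_later):
    """Turn one blocklist entry into an anchored regex over 'host/path'."""
    norm = normalize_entry(entry, panos_10_2_or_later)
    if norm.endswith("/"):
        body, tail = norm[:-1], r"(/.*)?"   # exact host, any path below it
    else:
        body, tail = norm, ""               # the explicit "*" already covers the rest
    # Every "*" becomes ".*"; everything else is matched literally.
    pattern = ".*".join(re.escape(part) for part in body.split("*"))
    return re.compile("^" + pattern + tail + "$")


def canonical_url(url):
    """Reduce a URL to the lower-cased host+path form the entries are written in."""
    url = url.strip().lower()
    if "://" in url:
        parts = urlsplit(url)
        url = parts.netloc + parts.path
    return url


def matching_entries(url, entries, panos_10_2_or_later):
    """Return the entries (in list order) that would hit this URL."""
    target = canonical_url(url)
    return [e for e in entries
            if entry_to_regex(e, panos_10_2_or_later).match(target)]


def is_blocked(url, entries, panos_10_2_or_later):
    return bool(matching_entries(url, entries, panos_10_2_or_later))


def lists_equivalent(list_a, list_b, urls, panos_10_2_or_later):
    """True if both entry lists block exactly the same URLs from the sample set."""
    return all(is_blocked(u, list_a, panos_10_2_or_later)
               == is_blocked(u, list_b, panos_10_2_or_later) for u in urls)


# The four entries from the question, and the two-entry list the thread
# proposes for 10.2+.
FOUR_ENTRIES = ["netflix.com", "*.netflix.com", "netflix.com/", "*.netflix.com/"]
TWO_ENTRIES = ["netflix.com", "*.netflix.com"]

# Constructed sample URLs (not real traffic), including the lookalikes from
# the answer and a hypothetical country-code variant.
SAMPLE_URLS = [
    "netflix.com",
    "https://netflix.com/movie/play",
    "www.netflix.com",
    "https://www.netflix.com/movie/play",
    "netflix.com.phishing.com",
    "www.netflix.com.test.com",
    "netflix.com.au",
    "notnetflix.com",
]

if __name__ == "__main__":
    for mode, label in ((False, "pre-10.2"), (True, "10.2 or later")):
        print(f"== PAN-OS {label} ==")
        for u in SAMPLE_URLS:
            print(f"{u:40} {matching_entries(u, FOUR_ENTRIES, mode)}")
        print("four entries == two entries on the sample set:",
              lists_equivalent(FOUR_ENTRIES, TWO_ENTRIES, SAMPLE_URLS, mode))
```

Two things worth checking in the output. First, on pre-10.2 the bare entry netflix.com also catches netflix.com.phishing.com and netflix.com.au; that is harmless in a blocklist but is exactly the behaviour that makes a bare entry dangerous in an allow list, where it would let the lookalike through. Second, on 10.2 and later neither netflix.com nor *.netflix.com catches netflix.com.au, because that is a different registered domain; country-code variants need their own entries in the stricter mode.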
06-15-2023 08:58 AM
So it sounds like we do want all four since we are on 10.1.x (the latest...) and would want to account for country-code variations of sites such as netflix.com.au (if that existed...).
On 10.2 and up, it sounds like we can trim this back to two entries; we just aren't there yet.