URL Filtering - is this necessary - need clarification

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

URL Filtering - is this necessary - need clarification

L4 Transporter

My predecessor managing the Palo firewalls always entered a website/URL four times in the URL Blocklist using the format below as an example:

 

netflix.com

*.netflix.com

netflix.com/

*.netflix.com/

 

Is this really necessary?

 

Doesn't *.netflix.com accomplish the same thing or are these all necessary? 

 

The examples here: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000oM79CAE

don't really answer the question - what do I enter to block everything to google.com (using the example in the doc) regardless of subdomains or pages or whatever.

 

Thanks. This may seem obvious but I'm not following this for some reason or, maybe, you really do need all four entries.

 

 

1 accepted solution

Accepted Solutions

L5 Sessionator

It depends on the PAN-OS version you are running. I believe that before 10.2 Palo default appended urls with a "*" at the end if nothing was specified. so thus why you would create a url with "/" at the end. But 10.2 and after Palo now default appends with "/" if nothing is specified. The url *.netflix.com wouldnt hit if the url was just neflix.com but would cover things like www.netflix.com

 

So assuming youre running a pre-10.2 pan-os version here are some examples of urls that would be hit:

 

netflix.com - netflix.com.phising.com

*.netflix.com - www.netflix.com.test.com

netflix.com/ - netflix.com or netflix.com/movie/play

*.netflix.com/ - www.netflix.com  or www.netflix.com/movie/play

 

 

Pan-os 10.2 or later

 

netflix.com - netflix.com or netflix.com/movie/play

*.netflix.com - www.netflix.com or www.netflix.com/movie/play

netflix.com/ - netflix.com or netflix.com/movie/play (netflix.com/ and netflix.com would be the same)

*.netflix.com/ - www.netflix.com or www.netflix.com/movie/play (*.netflix.com and *.netflix.com/ would be the same)

View solution in original post

2 REPLIES 2

L5 Sessionator

It depends on the PAN-OS version you are running. I believe that before 10.2 Palo default appended urls with a "*" at the end if nothing was specified. so thus why you would create a url with "/" at the end. But 10.2 and after Palo now default appends with "/" if nothing is specified. The url *.netflix.com wouldnt hit if the url was just neflix.com but would cover things like www.netflix.com

 

So assuming youre running a pre-10.2 pan-os version here are some examples of urls that would be hit:

 

netflix.com - netflix.com.phising.com

*.netflix.com - www.netflix.com.test.com

netflix.com/ - netflix.com or netflix.com/movie/play

*.netflix.com/ - www.netflix.com  or www.netflix.com/movie/play

 

 

Pan-os 10.2 or later

 

netflix.com - netflix.com or netflix.com/movie/play

*.netflix.com - www.netflix.com or www.netflix.com/movie/play

netflix.com/ - netflix.com or netflix.com/movie/play (netflix.com/ and netflix.com would be the same)

*.netflix.com/ - www.netflix.com or www.netflix.com/movie/play (*.netflix.com and *.netflix.com/ would be the same)

So it sounds like we do want all four since we are on 10.1.x (the latest...) and would want to account for country code version variations of sites such as netflix.com.au (if that existed...).

 

10.2 and up sounds like we can trim this back to two entries we just aren't there yet.

  • 1 accepted solution
  • 883 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!