This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

URL Filtering issues with 8.0

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

URL Filtering issues with 8.0

Paul_Taylor
L0 Member

‎06-03-2017 11:19 AM - edited ‎06-03-2017 11:29 AM

I'm using a PA-220 with 8.0.2.  I have a profile defined which blocks several categories (malware, things not kid friendly, etc) including web-advertisements (the number one thing that gets blocked).  It keeps blocking access to youtube videos.  In the URL Filtering log entry, it shows these URLs in the "streaming-media" category, which is an allowed category, yet the log entry shows "block-url" as the action.  These log entries show the application as google-base, or youbtube-base.  Either way, it's blocking these URLs.  I've also tried setting web-advertisements to alert, but it's still blocking media-streaming...

 

You can go to "www.youtube.com" just fine, but when you select a video, it seems to hang.  I'm also doing SSL decrypt, if that makes a difference.

 

Edit to add:  A bit above this rule is a similar rule limited to a source object, but it has a different URL profile that only blocks malware.  Machines that hit this rule don't seem to have this youtube issue.  

 

Any idea what I'm doing wrong, or does this sound like a bug?

0 Likes Likes
3 REPLIES 3

pulukas
L7 Applicator

‎06-04-2017 04:39 AM

From what you describe here it does sound like a possbile bug.

 

And I would continue with the troubleshooting method you have started.  Adding back in one category at at time and finding the one that triggers the block.  This should then give you both a work around and all the information support will need to find the final fix.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
0 Likes Likes

Paul_Taylor
L0 Member
In response to pulukas

‎06-10-2017 06:11 PM

Well, I've not been able to determine what the issue is.  I've even added youtube.com (and www.youtube.com) to the whitelist for the policy on the rule allowing the traffic and it's still not working.  

 

 In fact, some of the entries, instead of listing the category as "streaming-media", have "allow-list" as the category...  Though, further to the right, of course, the action is "block-url"...

0 Likes Likes

pulukas
L7 Applicator
In response to Paul_Taylor

‎06-11-2017 04:37 PM

I am thinking the issue is either the decryption is not working correctly or app id update is not correctly classiifying the traffic.

 

This is how to test decrytion

https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Implement-and-Test-SSL-Decryption...

 

And be sure to run the updates to have the latest app id on the firewall.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
0 Likes Likes
  • 2253 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks