URL Filtering issues with 8.0

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

URL Filtering issues with 8.0

L0 Member

I'm using a PA-220 with 8.0.2.  I have a profile defined which blocks several categories (malware, things not kid friendly, etc) including web-advertisements (the number one thing that gets blocked).  It keeps blocking access to youtube videos.  In the URL Filtering log entry, it shows these URLs in the "streaming-media" category, which is an allowed category, yet the log entry shows "block-url" as the action.  These log entries show the application as google-base, or youbtube-base.  Either way, it's blocking these URLs.  I've also tried setting web-advertisements to alert, but it's still blocking media-streaming...

 

You can go to "www.youtube.com" just fine, but when you select a video, it seems to hang.  I'm also doing SSL decrypt, if that makes a difference.

 

Edit to add:  A bit above this rule is a similar rule limited to a source object, but it has a different URL profile that only blocks malware.  Machines that hit this rule don't seem to have this youtube issue.  

 

Any idea what I'm doing wrong, or does this sound like a bug?

3 REPLIES 3

L7 Applicator

From what you describe here it does sound like a possbile bug.

 

And I would continue with the troubleshooting method you have started.  Adding back in one category at at time and finding the one that triggers the block.  This should then give you both a work around and all the information support will need to find the final fix.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

Well, I've not been able to determine what the issue is.  I've even added youtube.com (and www.youtube.com) to the whitelist for the policy on the rule allowing the traffic and it's still not working.  

 

 In fact, some of the entries, instead of listing the category as "streaming-media", have "allow-list" as the category...  Though, further to the right, of course, the action is "block-url"...

I am thinking the issue is either the decryption is not working correctly or app id update is not correctly classiifying the traffic.

 

This is how to test decrytion

https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Implement-and-Test-SSL-Decryption...

 

And be sure to run the updates to have the latest app id on the firewall.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
  • 2303 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!