URL filtering response pages

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

URL filtering response pages

L6 Presenter

Hello Guys,

 

Could you advise, please?  Few questions regarding response pages when URL filtering is implemented.

Defined action continue for any web category like social-networking. Users receive a response page & click on continue and able to access the website. But when accessing any other websites from social-networking category users doesn't get a response page & direct access the website. Is it the way response pages suppose to work?

Second thing is that response page pushed from the firewall to clients over HTTP works wells but when users trying to access HTTPS based websites they don't receive a response page. Do l need an SSL Decryption in place for this to work or is there a way to make it work?

 

Thank you all,

Myky

1 accepted solution

Accepted Solutions

L6 Presenter

Unfortunately it's working as designed.

 

Palo doesn't track which indivudual websites within a category a user goes to, but rather the category itself.  So for "streaming-media" if you "continue" that category Netflix/Hulu/YouTube...etc will all be allowed to be accessed once the user goes to one of the sites in the category until the defined timeout period.

 

What we did at my company is created a Facebook / YouTube custom URL objects.  Used them in the security policy, then have a continue action in a URL profile.  We also have a "catch-all" kind of continue URL category  for other websites.

 

Just be aware that in general you do need SSL interception as well.  Some sites may or may not work without it.

View solution in original post

8 REPLIES 8

L6 Presenter

Unfortunately it's working as designed.

 

Palo doesn't track which indivudual websites within a category a user goes to, but rather the category itself.  So for "streaming-media" if you "continue" that category Netflix/Hulu/YouTube...etc will all be allowed to be accessed once the user goes to one of the sites in the category until the defined timeout period.

 

What we did at my company is created a Facebook / YouTube custom URL objects.  Used them in the security policy, then have a continue action in a URL profile.  We also have a "catch-all" kind of continue URL category  for other websites.

 

Just be aware that in general you do need SSL interception as well.  Some sites may or may not work without it.

Hello Brandon,

 

This is what l though for the particular category. Once you click "continue" action is taken for all other websites withing the same category. Thanks for this. Do you know if l can customise a timeout period? 

So for https websites, it is better to use SSL decryption so it can work correctly.

 

Thank you,

Myky

@TranceforLife  Device --> Content-ID  --> The timeout value is there.  Yes it's much better and consistent to do SSL interception

 

Content-ID.PNG

Hi Brandon,

 

Do you know if this timeout value will be calculated on each individual IP/User for that category?

 

Regards,

Mykhaylo

Yes, it's my understanding that the timeout is per user/URL cat. I've never validated though.

Thx Brandon

But it can work without user id so l guess it is actually using IP address. 

@TranceforLife sorry yeah, I was using the term synonymously.  

Cheers Brandon 

  • 1 accepted solution
  • 3871 Views
  • 8 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!