09-06-2016 05:48 AM
Hello Guys,
Could you advise, please? A few questions regarding response pages when URL filtering is implemented.
Defined the continue action for any web category like social-networking. Users receive a response page, click on continue and are able to access the website. But when accessing any other websites from the social-networking category, users don't get a response page and directly access the website. Is this the way response pages are supposed to work?
Second thing is that the response page pushed from the firewall to clients over HTTP works well, but when users are trying to access HTTPS based websites they don't receive a response page. Do I need SSL Decryption in place for this to work or is there a way to make it work?
Thank you all,
Myky
09-06-2016 06:27 AM
Unfortunately it's working as designed.
Palo doesn't track which individual websites within a category a user goes to, but rather the category itself. So for "streaming-media" if you "continue" that category Netflix/Hulu/YouTube...etc will all be allowed to be accessed once the user goes to one of the sites in the category until the defined timeout period.
What we did at my company is create Facebook / YouTube custom URL objects. We used them in the security policy, then have a continue action in a URL profile. We also have a "catch-all" kind of continue URL category for other websites.
Just be aware that in general you do need SSL interception as well. Some sites may or may not work without it.
09-06-2016 06:44 AM - edited 09-07-2016 05:58 AM
Hello Brandon,
This is what I thought for the particular category. Once you click "continue", the action is taken for all other websites within the same category. Thanks for this. Do you know if I can customise a timeout period?
So for https websites, it is better to use SSL decryption so it can work correctly.
Thank you,
Myky
09-06-2016 06:50 AM - edited 09-06-2016 06:50 AM
@TranceforLife Device --> Content-ID --> The timeout value is there. Yes it's much better and consistent to do SSL interception
09-07-2016 05:26 AM - edited 09-07-2016 06:32 AM
Hi Brandon,
Do you know if this timeout value will be calculated on each individual IP/User for that category?
Regards,
Mykhaylo
09-07-2016 07:22 AM
Yes, it's my understanding that the timeout is per user/URL cat. I've never validated though.
09-07-2016 07:32 AM
Thx Brandon
But it can work without user id so I guess it is actually using IP address.
09-07-2016 09:07 AM
@TranceforLife sorry yeah, I was using the term synonymously.