03-04-2020 08:15 PM
Hi,
I have configured the URLs to allow through the firewall with an alert category.
The firewall is allowing the URL but user get the "warning: Potential Security Risk Ahead" page with Go Back (recommended) and Advanced option.
Is there any technique to allow user directly go onto the URL page instead go to advanced and continue to the website?
I have also sent a reclassification request to Palo Alto. It takes 48 hours based on the Palo documentation. I think this is not an issue here. Might be user need to change settings on to their web browser!!
Thanks for your support.
Regards,
CP
03-04-2020 10:27 PM
@ChiragP Check if website have valid certificate. Mostly such errors are due to expired or invalid certificate on websites. Also you can try by adding website in trusted sites to avoid such errors.
hope it helps!
Mayur
03-05-2020 08:25 AM
Palo Alto classifies this URL as High Risk. It could be that Firefox also does some checking of a list of its own, and has determined that it could be an unsafe site.
https://urlfiltering.paloaltonetworks.com/query/
03-05-2020 09:37 AM
Hello,
Are you performing SSL decryption? If yes it could be that the client does not trust the certificate that the PAN is using for the decryption.
The alert selection means that the PAN will log the traffic. That is the only difference between Allow and Alert.
Just a thought
03-05-2020 10:08 AM
Hi OwenFuller,
So if Palo classifies the URL as HIgh Risk that could be also blocked, is that right?
I think this could be a browser own check as Mayuer said, however, I would like to know what happens until PAN-DB completes a site analysis and categorization of the site. Is this blocking even though we put the URL under the alert category?
I will check today the browser setting and allow URL as trust.
Thanks,
03-05-2020 10:20 AM
Well, it could be blocked of you're blocking the High Risk URL category. However, the point I was trying to make is that if Palo has classified that site as High Risk, it's possible someone else has also classified it as a risky site. I'm not sure whether Firefox checks any kind of list for site reputations or anything like that (I haven't used Firefox regularly in over a decade), but if it does, it could be deciding to warn you for that reason. The warning doesn't look like a standard Palo Alto block, but rather a block in Firefox. You really should look at your firewall logs to confirm whether that site is being blocked or allowed. Have you checked there for a log entry?
It could be a certificate issue, as one of the other comments suggested. If you're doing SSL decryption, I don't think Firefox honors the Windows trusted CA store. I think you have to import the cert directly into Firefox itself. Do you experience the same problem with other browsers?
03-05-2020 10:42 AM
Also, check the URL filtering policy that is attached to your security policy. What are the actions for the financial-services and high-risk categories?
03-05-2020 08:09 PM
Hi All,
There was a problem with certificate. They have not changed the certificate when moving the site from staging environment to production.
The action for financial services is allowed.
So I can say that even if the Palo classifies the URL as a high risk but allow explicitly it works.
Thanks for your time.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
