URL filtering

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.

URL filtering

L3 Networker

I have one query it is necessary to add a URL Category to add in URL Filtering Profile or I can add a separate URL category in the Security policy without adding any URL filtering Profile.

for example, I Create a URL Category name test which having some testing site then after I create a Policy to LAN (INSIDE) to WAN (OUTSIDE) add some users and add only the URL category in Service/URL category in the Policy tab not add URL filtering in that.

Will the Policy match/get Hit count or It will not match not getting hit??


Cyber Elite
Cyber Elite



Below is the Flow Logic of the PANW FW.  Note that Security Policies are evaluated before Security Profiles.

Due to this, it is very possible to put a URL category in a Security Policy as a matching condition.




Any other questions? Let us know.

Help the community: Like helpful comments and mark solutions

Cyber Elite
Cyber Elite


Yes you can do this. I do it all the time. Just make sure the policy is higher in the list of your general web browsing filter policy if you have one.


Thanks but i need to know when I make some URL Category and add in Services/URL so its necessary to add URL filtering profile.


Thanks but I need to know when I make some URL Category and add in Services/URL so its necessary to add URL filtering profile. You Understand my question right??

@FarhanKoujalgi If you want to create a policy for only one or a few specific URL categories, then you add this directly to the security policy. An example would be you generally block up and downloads with a fileblocking profile but maybe you want to enable downloads for the url category filesharing. In this case you create a dedicated rule with URL category fileaharing and a different fileblocking profile than you have in your general rule that allows web access. The url filtering profile is not exactly for the same use case. Allowing and blocking webaccess with an url filtering profile on one side enables url filtering logs (you won't have these logs only by adding an url category directly to the security policy rule) and it also is used to present a block response page to the user in case a website is opened that is blocked in the url filtering profile. So mainly because of the logging reason I also add url filtering profiles to rules where I specify an url category directly in the security policy rule. I hope this helps.

No, its not required. 

Shehriyar Ahmed
  • 6 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!