07-09-2021 06:03 AM
I have one query it is necessary to add a URL Category to add in URL Filtering Profile or I can add a separate URL category in the Security policy without adding any URL filtering Profile.
for example, I Create a URL Category name test which having some testing site then after I create a Policy to LAN (INSIDE) to WAN (OUTSIDE) add some users and add only the URL category in Service/URL category in the Policy tab not add URL filtering in that.
Will the Policy match/get Hit count or It will not match not getting hit??
07-09-2021 06:48 AM
Below is the Flow Logic of the PANW FW. Note that Security Policies are evaluated before Security Profiles.
Due to this, it is very possible to put a URL category in a Security Policy as a matching condition.
Any other questions? Let us know.
07-09-2021 10:24 AM
Hello,
Yes you can do this. I do it all the time. Just make sure the policy is higher in the list of your general web browsing filter policy if you have one.
Regards,
07-10-2021 12:38 AM
Thanks but i need to know when I make some URL Category and add in Services/URL so its necessary to add URL filtering profile.
07-10-2021 12:38 AM
Thanks but I need to know when I make some URL Category and add in Services/URL so its necessary to add URL filtering profile. You Understand my question right??
07-10-2021 03:59 AM
@FarhanKoujalgi If you want to create a policy for only one or a few specific URL categories, then you add this directly to the security policy. An example would be you generally block up and downloads with a fileblocking profile but maybe you want to enable downloads for the url category filesharing. In this case you create a dedicated rule with URL category fileaharing and a different fileblocking profile than you have in your general rule that allows web access. The url filtering profile is not exactly for the same use case. Allowing and blocking webaccess with an url filtering profile on one side enables url filtering logs (you won't have these logs only by adding an url category directly to the security policy rule) and it also is used to present a block response page to the user in case a website is opened that is blocked in the url filtering profile. So mainly because of the logging reason I also add url filtering profiles to rules where I specify an url category directly in the security policy rule. I hope this helps.
07-11-2021 05:47 AM
No, its not required.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
