URL filtering

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

URL filtering

L4 Transporter

Who is using URL filtering? Is it worth the added cost? Is there any way to do it without the license?

1 accepted solution

Accepted Solutions

To configure Wildfire, just do as the documents say. The only thing you dont get by not having the license is the quick turnaround on file detonations and also you wont get updates every 15 minutes (or so).

 

The base wildfire is already part of the threat license, the additional license gets you the same thing except quicker.

 

https://live.paloaltonetworks.com/t5/Articles/Wildfire-Configuration-Testing-and-Monitoring/ta-p/577...

 

As for the descriptions for the URL filtering module, here is an article I use frequently for the executives to use to tell me what to block.

 

https://urlfiltering.paloaltonetworks.com/CategoryList.aspx

 

Hope this help!

View solution in original post

8 REPLIES 8

L6 Presenter

The short answer is probably yes it's worth it.

 

What's the size of your company?

Do you have an HR policy that requires you to restrict "offensive" content?

Do you implicitly trust the Threat (subscription) service intelligence?

Do you implictly trust the Wild-Fire (can be a subscription) service intelligence?

 

The Palo URL Filtering service isn't as good as I had hopped it would be, but it still does a good job.  Until recently PAN-DB categorized www.funnyordie.com as "Questionable".  It was a battle with the URL team to get them to categorize it as something other than Questionable.  It took > 5 days through a TAC case after 2 separate auto-categorization requests that were initially denied.

 

For the most part, especially as it relates to malware getting site recategorized are a pain, but things seem to be improving.

 

 

What benefit are you looking to get?

I work at a college of 5000 and we are looking to keep the network safe from breaches more than anything. We are currently using the threat prevention subscription and have benefitted a lot from it, but the price of these subscriptions are outrageous. I do not know if there is a HR policy restricting offensive content and how offensive content would be described. We do not have wild fire and at this point I don't see a need for it in our environment.

Easy stuff first...

 

Eventhough you don't purchase the WF subscription you can still benefit from it.  I'm not certain the timelines, when items deamed "malware" get included into to "Threats" if at all, but even w/o a WF subscription you're still allowed to send files to the WF cloud.  You just only get sig updates ever 24-hrs vice every 30 minutes.

 

As to URL subscriptions.  With it you'd be able to deny users/students from accessing gambling, pronography, hate type sites.  Those would be the ones that i would classify as an "Offensive" nature.  Then there's Anonymizers, drugs, hacking, malware, phishing, and "parked" type sites that URL filtering would provide restrictions on.

 

For our network we get thousands of hits to "malware," but that includes guest IP space.  Being able to block "parked" domains are good because they're typically used by hackers as those domains typically have no relavant INet traffic except as an infection source.

How do you do the wild fire that doesn't require the subscription?  Yeah I am aware of what filtering would give us I just don't think I should have to pay for it as a subscription and such a high priced subscription I was hoping there was a cheaper way to do it.

I don't know what a parked domain is and what the benefits of blocking it would be.

To configure Wildfire, just do as the documents say. The only thing you dont get by not having the license is the quick turnaround on file detonations and also you wont get updates every 15 minutes (or so).

 

The base wildfire is already part of the threat license, the additional license gets you the same thing except quicker.

 

https://live.paloaltonetworks.com/t5/Articles/Wildfire-Configuration-Testing-and-Monitoring/ta-p/577...

 

As for the descriptions for the URL filtering module, here is an article I use frequently for the executives to use to tell me what to block.

 

https://urlfiltering.paloaltonetworks.com/CategoryList.aspx

 

Hope this help!

I followed the documents but it is failing to register to the wildfire server using wildfire-default-cloud is this the correct one for the service without the subscription

Hello,

Yes that is the same one. Check your logs to see if you maybe blocking the traffic? If you are not blocking the traffic, then it could be a registration issue, I had one and they had to dig deep to figure it out. To check this follow the steps in the testing area of this link, https://live.paloaltonetworks.com/t5/Articles/Wildfire-Configuration-Testing-and-Monitoring/ta-p/577...

 

Mine tested registration just fine, but then showed it wasnt registered in the status section. If that is the case, you have to open a case with support.

 

Regards,

Yeah I will probably get on the phone with support and see if they can find the issue.

  • 1 accepted solution
  • 3776 Views
  • 8 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!