07-13-2017 10:07 AM
You could always create a custom security policy for that address and assign the URL Filtering profile directly to that one profile. Would that work for what you are trying to do?
07-13-2017 10:21 AM
Agree, URL filtering profiles are applied on a per-policy basis, not per IP. One profile (or group) per policy. Get a separate policy, as @BPry has already mentioned.
07-13-2017 11:55 AM
Okay, so I make a URL filtering profile for one single web address that we want to block and then create a security policy with that profile in it.
So if I can do this, what does the URL filtering subscription get you? We currently do not have it.
07-13-2017 12:12 PM
@BPry - forgot to tag you
Okay, so I make a URL filtering profile for one single web address that we want to block and then create a security policy with that profile in it.
So if I can do this, what does the URL filtering subscription get you? We currently do not have it.
07-13-2017 12:15 PM
If you only want to log the accessed URLs, allow only specific URLs (for example to a DMZ server) or, as in your case, you only need to block one (or more) specific address(es) --> there is no need for the URL subscription.
With the URL subscription you can apply actions based on URL categories. Here are a few examples:
The list with possibilities is nearly endless 😉
But the main point is that the subscription is for these categories, and this is a point which you definitely cannot do by yourself.
(Of course there are also other possibilities for "URL filtering", for example DNS based, but this never gives you the control as you have it with actual HTTP-based URL filtering.)
07-13-2017 12:26 PM
But you know it might get very burdensome to manage if I start trying to manually add URLs; people may request them to be blocked frequently.
07-13-2017 12:45 PM
With EDLs this task is pretty easy to manage.
And for websites in the wrong category our users simply have to wait until Palo Alto moves them to the right category (this process is at least much faster than with BrightCloud) ... there still will be urgent requests, but we did not have many of them in the past.
07-13-2017 01:13 PM
When you are talking about EDL, you mean external dynamic lists, correct? Lists like MISP, emerging threat, etc.
07-13-2017 01:37 PM
Exactly, I meant external dynamic lists ... such a list you can also use for the allow/block requests from your users. Simply place it on an internal webserver where you can edit the file easily (with ftps, scp, smb) and a few minutes later (depending on how often you configure the sync) the website is allowed/blocked on your firewall or (this is an even greater advantage) on all the firewalls you manage.
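One way to keep the self-hosted list described in the reply above tidy when user requests arrive in mixed formats, as an added example that is not part of any poster's reply or Palo Alto's tooling. It assumes a plain-text list with one entry per line and no `http://`/`https://` prefix; the function names, the file name `block-urls.txt` and the sample entries are constructed for illustration.

```python
# Added example: maintain a URL block list file that a firewall pulls as an EDL.
import os
import tempfile
from urllib.parse import urlsplit

def normalize_entry(raw):
    """Return 'host[/path]' without a scheme, or None if the input is unusable."""
    text = raw.strip()
    if not text or text.startswith("#") or any(c.isspace() for c in text):
        return None
    try:
        # urlsplit only recognises the host when a scheme or '//' precedes it.
        parts = urlsplit(text if "//" in text else "//" + text)
    except ValueError:
        return None
    host = (parts.hostname or "").rstrip(".")  # hostname is lower-cased, port dropped
    if "." not in host:
        return None
    return host + parts.path.rstrip("/")  # query string and fragment are dropped

def merge_requests(existing_lines, requests):
    """Merge requests into the current entries; return (sorted entries, rejected)."""
    entries = {e for e in map(normalize_entry, existing_lines) if e}
    rejected = []
    for raw in requests:
        entry = normalize_entry(raw)
        if entry:
            entries.add(entry)
        else:
            rejected.append(raw)
    return sorted(entries), rejected

def write_list(path, entries):
    """Replace the file atomically so a refresh never fetches a half-written list."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w") as handle:
        handle.write("\n".join(entries) + "\n")
    os.chmod(tmp, 0o644)  # mkstemp creates 0600; the web server must be able to read it
    os.replace(tmp, path)

if __name__ == "__main__":
    # Constructed sample data: current list contents and a batch of user requests.
    current = ["ads.example.net", "# old note"]
    asked = ["https://Update.Example.com/", "ads.example.net", "not a url",
             "http://files.example.org/Drop/payload.bin"]
    entries, rejected = merge_requests(current, asked)
    write_list("block-urls.txt", entries)
    print(entries, "rejected:", rejected)
```

Rejected inputs are returned rather than silently dropped, so whoever handles the request queue can follow up on entries that never reached the list.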
07-13-2017 02:15 PM
Sure, run the following in the CLI after you have modified it to match what you are looking for:
'request system external-list show type url name name'
You can then check against your EDLs easily enough. Sadly, I don't believe there is a way to '| match' on this request.
07-13-2017 02:20 PM
Awesome, I will check my other EDL lists.
So what do you think about creating a rule/profile for just one URL?
07-13-2017 03:38 PM
Depending on why the URL is needing to be blocked, then yes. Generally though I would say that you should configure controllable EBLs, one for IP addresses and one for URLs, and then set them to auto-update at a reasonable rate. This allows you to quickly deal with any issues like this and you don't really have to worry about them potentially not being on an EBL that you don't control.
07-14-2017 06:15 AM
We have had those kinds of lists set up for quite a while, but one of my coworkers got an alert from BitSight about this URL.
With this IP address 195.38.137.100 and URL update.newinfoclientstack.com that is not in any of the EDL lists that we currently have set up, and asked if I could create a block list for that specific IP address. My first thought is that if I do it once I will start to get a lot of requests for individual addresses. So I was looking for a way to avoid that.