08-24-2015 12:38 PM
Who is using URL filtering? Is it worth the added cost? Is there any way to do it without the license?
08-26-2015 03:50 PM
To configure Wildfire, just do as the documents say. The only thing you dont get by not having the license is the quick turnaround on file detonations and also you wont get updates every 15 minutes (or so).
The base wildfire is already part of the threat license, the additional license gets you the same thing except quicker.
As for the descriptions for the URL filtering module, here is an article I use frequently for the executives to use to tell me what to block.
https://urlfiltering.paloaltonetworks.com/CategoryList.aspx
Hope this help!
08-24-2015 02:04 PM
The short answer is probably yes it's worth it.
What's the size of your company?
Do you have an HR policy that requires you to restrict "offensive" content?
Do you implicitly trust the Threat (subscription) service intelligence?
Do you implictly trust the Wild-Fire (can be a subscription) service intelligence?
The Palo URL Filtering service isn't as good as I had hopped it would be, but it still does a good job. Until recently PAN-DB categorized www.funnyordie.com as "Questionable". It was a battle with the URL team to get them to categorize it as something other than Questionable. It took > 5 days through a TAC case after 2 separate auto-categorization requests that were initially denied.
For the most part, especially as it relates to malware getting site recategorized are a pain, but things seem to be improving.
What benefit are you looking to get?
08-25-2015 06:26 AM
I work at a college of 5000 and we are looking to keep the network safe from breaches more than anything. We are currently using the threat prevention subscription and have benefitted a lot from it, but the price of these subscriptions are outrageous. I do not know if there is a HR policy restricting offensive content and how offensive content would be described. We do not have wild fire and at this point I don't see a need for it in our environment.
08-25-2015 01:27 PM
Easy stuff first...
Eventhough you don't purchase the WF subscription you can still benefit from it. I'm not certain the timelines, when items deamed "malware" get included into to "Threats" if at all, but even w/o a WF subscription you're still allowed to send files to the WF cloud. You just only get sig updates ever 24-hrs vice every 30 minutes.
As to URL subscriptions. With it you'd be able to deny users/students from accessing gambling, pronography, hate type sites. Those would be the ones that i would classify as an "Offensive" nature. Then there's Anonymizers, drugs, hacking, malware, phishing, and "parked" type sites that URL filtering would provide restrictions on.
For our network we get thousands of hits to "malware," but that includes guest IP space. Being able to block "parked" domains are good because they're typically used by hackers as those domains typically have no relavant INet traffic except as an infection source.
08-26-2015 01:15 PM
How do you do the wild fire that doesn't require the subscription? Yeah I am aware of what filtering would give us I just don't think I should have to pay for it as a subscription and such a high priced subscription I was hoping there was a cheaper way to do it.
I don't know what a parked domain is and what the benefits of blocking it would be.
08-26-2015 03:50 PM
To configure Wildfire, just do as the documents say. The only thing you dont get by not having the license is the quick turnaround on file detonations and also you wont get updates every 15 minutes (or so).
The base wildfire is already part of the threat license, the additional license gets you the same thing except quicker.
As for the descriptions for the URL filtering module, here is an article I use frequently for the executives to use to tell me what to block.
https://urlfiltering.paloaltonetworks.com/CategoryList.aspx
Hope this help!
08-28-2015 11:51 AM
I followed the documents but it is failing to register to the wildfire server using wildfire-default-cloud is this the correct one for the service without the subscription
08-28-2015 01:06 PM
Hello,
Yes that is the same one. Check your logs to see if you maybe blocking the traffic? If you are not blocking the traffic, then it could be a registration issue, I had one and they had to dig deep to figure it out. To check this follow the steps in the testing area of this link, https://live.paloaltonetworks.com/t5/Articles/Wildfire-Configuration-Testing-and-Monitoring/ta-p/577...
Mine tested registration just fine, but then showed it wasnt registered in the status section. If that is the case, you have to open a case with support.
Regards,
08-28-2015 02:12 PM
Yeah I will probably get on the phone with support and see if they can find the issue.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
