Url filtring

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Url filtring

L0 Member

Hello all,

 

Actualy we have 2 PA 3020 firewall in our company, we have some issue with the option URL filtring.

 

we have a policy block all user to acces to the web page with category (ex: games ...) 

 

in the monitor, I find the users who are bloked but i can't find who are allowed.

 

there are some users working with proxy (web plugin), how can i identify them .

 

thank you for your support.

5 REPLIES 5

L5 Sessionator

You won't see URL log filtering entries if your configuration for that category is set to "Allow", is this currently set? If so, change the action to "alert" which will give you log entries.

Cyber Elite
Cyber Elite

@Karim_CHERRATI,

In addition to what @LukeBullimore mentioned, if someone is using a proxy you won't see the URL of the proxied site. The whole point of using a proxy like that is to hide the traffic, in which case it's fairly effective. I would recommend that you simply block the 'proxy-avoidance-and-anonymizers' category so that the firewall will actively attempt to block these proxy sites. 

L0 Member

Hello,

 

The problem is that the category proxy-avoidance-and-anonymizers is already blocked, but there are some persone installe proxy plugin in the navigator ex (kproxy, hoxx ...)

 

i can find a list with all proxy used, but there is no logs in the monitor.

 

Proxy.PNG

 

 Category.PNG

You'll see those in the traffic or unified logs, not URL as it's an application and not URL category.

@Karim_CHERRATI,

So you're looking at two different things in your screenshots.

One would be applications with the sub-cateogry of 'proxy'; so you could deny the applications. The other is simply a URL category that would stop the user from accessing proxy websites or services by URL.

 

Personally if you are trying to block all of the proxies that someone could be attempting to use, I would both both the URL cateogry and setup an application filter to block any of the app-ids that align with the proxy services. Just make note however that proxies are generally something that you'll never get more then 'best effort' on, as they pop up constantly. 

  • 2476 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!