Thank you for reply @Fagani
unfortunately based on information from your reply, I am having a difficulty to understand what the issue could be. If I were in your situation, my starting point would be looking into URL logs. The first thing I would make sure that all allowed URL categories have action set to alert. Alert action allows traffic and records the logs. Also for the policies that are getting hit by this traffic, I would check in the traffic logs for "byte received" to confirm there is a response from web server.
We are having similar issues with security rules getting hit when a URL category is referenced. We moved the URL to destination instead of URL category and it fixed our issues. Let me know if you need more info on that and I can share our findings from the Palo Alto support case.
Okay, so to go into more detail, I'll explain how our URL security rule was written when it was broken and how we changed it to fix the problem.
1. In a broken state, we had a security rule with the URL referenced in a custom URL category. That Custom URL category was then added to the security rule.
2. To Fix the problem we changed the URL Category in the security rule to Any and added each URL we wanted to permit in the Destination. When you add a URL to the destination of a security rule, you'll need to create an address object and choose FQDN.
Hope that helps!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!