08-18-2025 12:29 PM
Hi Friends,
1) We have a customer who wants to allow access to a specific website for a particular user, but it is not working as expected.
2) when we allow pinterest.com in the XYZ security policy, it falls under the social-networking category, which is blocked. To allow this URL, we would need to permit the entire social-networking category, which we do not want to do.
3) To address this, we created a separate policy for a specific IP. However, since this IP belongs to a subnet already included in the XYZ security policy, the traffic continues to match the XYZ policy. If we place the new policy above the XYZ policy, then the traffic gets matched with a different rule.
4) Our requirement is to allow only pinterest.com while blocking all other social-networking category for that particular user IP.
5) We cleared the sessions by filtering the source IP, but the issue remained. We also verified the custom URL profile and URL category profile, which appeared to be correct. Since the source address was previously defined as a subnet, we updated the security policy to include only the specific IP address instead of the entire subnet. However, the issue still persisted.
Kindly help us to mitigate the issue
Model:- PA-440
PANOS:- 11.2.4-h7
Regards,
Chandrashekhar
09-14-2025 08:15 AM
Hi Bpry,
Thanks for your response,
1) While adding Pinterest to a custom URL category, I also included *.pinimg.com. As Pinterest relies on pinimg.com for images and content delivery, and without it, images may not load correctly.
2) To fix this, I have added below Pinterest Domains to Allow and that resolves my issue
pinterest.com
*.pinterest.com
pinimg.com
*.pinimg.com
08-18-2025 02:15 PM
Create a new custom URL category to match the desired website and create a new security rule above your social-networking deny entry to allow the traffic for the user utilizing the custom category as matching criteria under the URL Category criteria.
Ensure that the profile that you are using will actually allow the traffic appropriately. If you have a rule using the URL category to match the traffic, but continue to utilize a url-filtering profile that has the website blocked, you'll continue to block the traffic.
09-14-2025 08:15 AM
Hi Bpry,
Thanks for your response,
1) While adding Pinterest to a custom URL category, I also included *.pinimg.com. As Pinterest relies on pinimg.com for images and content delivery, and without it, images may not load correctly.
2) To fix this, I have added below Pinterest Domains to Allow and that resolves my issue
pinterest.com
*.pinterest.com
pinimg.com
*.pinimg.com
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
