01-18-2019 07:25 AM
i read that for best practice if we make custom url category its action should be none for security reasons
need to understand why?
01-18-2019 08:11 AM
OK, I listened to it and I see what they are doing. Lets say you make a custom catagory and the URL is xyz.com, and you have it set to 'Alert'. Now lets say that site gets compromised and get recatagorized by PAN as malicious. What she was saying is that it could potentially still be allowed because you set the custom catagory as 'Alert', by having it set to none she is saying it would take the default catagorization of the PAN catagory list:
none (custom URL category only)—If you have created custom URL categories, set the action to none to allow the firewall to inherit the URL filtering category assignment from your URL database vendor. Setting the action to none gives you the flexibility to ignore custom categories in a URL filtering profile, while allowing you to use the custom URL category as a match criteria in policy rules (Security, Decryption, and QoS) to make exceptions or to enforce different actions. To delete a custom URL category, you must set the action to none in any profile where the custom category is used. For information on custom URL categories, see Objects > Custom Objects > URL Category. |
Hope that makes sense.
01-18-2019 07:57 AM
Hello,
Not sure where you read that. I always set 'allowed' catagories to 'Alert'. This way they get logged and its easier to determine what is getting allowed/blocked.
Regards,
01-18-2019 07:59 AM
under this link
listen to 43rd min video
01-18-2019 08:11 AM
OK, I listened to it and I see what they are doing. Lets say you make a custom catagory and the URL is xyz.com, and you have it set to 'Alert'. Now lets say that site gets compromised and get recatagorized by PAN as malicious. What she was saying is that it could potentially still be allowed because you set the custom catagory as 'Alert', by having it set to none she is saying it would take the default catagorization of the PAN catagory list:
none (custom URL category only)—If you have created custom URL categories, set the action to none to allow the firewall to inherit the URL filtering category assignment from your URL database vendor. Setting the action to none gives you the flexibility to ignore custom categories in a URL filtering profile, while allowing you to use the custom URL category as a match criteria in policy rules (Security, Decryption, and QoS) to make exceptions or to enforce different actions. To delete a custom URL category, you must set the action to none in any profile where the custom category is used. For information on custom URL categories, see Objects > Custom Objects > URL Category. |
Hope that makes sense.
01-18-2019 08:14 AM
seems this was but tricky
thanks for explaining this to me.
04-25-2024 08:59 AM
This is good to know, one of our NetAdmins just shared this with me and I was very surprised since I remember in the PAN-EDU course the labs require us setting "alert" as an action under site access to create the firewall logs. Def will watch the video linked to get a deeper grasp. Thank you.
04-25-2024 09:04 AM
Link above is broken for me, for anyone else looking PA has it on their YouTube channel now: Nine Reasons to Use URL Filtering (Episode 2) Learning Happy Hour (youtube.com)
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
