PANOS URL filtering 11.0.4

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

PANOS URL filtering 11.0.4

L3 Networker

Hi folks,

We have URL filtering profile enabled on our respective policies using URL categories for different services purposes( eg: wsus services we have url category with *.microsoft.com and other doamins allowed in it, similarly for redhat and other devops related having separate url category called into respective source server policies for updates etc. )

Lets say i have enabled only wsus url category to alert in wsus related security rule which is having microsoft doamins and dependents alowed in it, and all other url category to block. Now since other url categories is blocked under this url profile. What i have observed is any url category (eg: github urlcategory having microsoft domain being blocked for this rule) containing micorsoft domain other than wsus url category (which is set to alert anyways), is getting blocked page for the wsus server updates access. 

When i observed the url filtering logs i can see the domain got blocked due to github url category having microsoft domain in it and is set to block for this particular rule.

Hence, i have to enable all the url category to alert having related domains in it to get it work.

 

Now, since github url category is having other domains also in it which does not required for wsus, is now getting open for wsus server to have access to, which is not desired.

 

So how i can make this work efficiently without allowing other domains getting indirectly enabled to servers which is not required.

 

Thanks

 

 

3 REPLIES 3

L3 Networker

Hi @zaidshaikh ,

 

If I understood correctly, You can create URL category based policies instead of allowing the URLs under URL filtering Profile. 

 

 

Edsnow

Please help out other users and “Accept as Solution” if a post helps solve your problem !

Thank you for th response.

Do you mean calling the URL category under the service/url tab of the security policy?

 

Yes correct.

Edsnow

Please help out other users and “Accept as Solution” if a post helps solve your problem !
  • 381 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!