URL Filtering Categorisation Justification

L2 Linker

Hi!

We're running URL filtering on our PAN-OS campus firewalls and I very often get asked to add domains to our 'allow list' - almost always because they're newly registered domains. On occasion we've had sites requested that fit into more serious categories - the latest being 'grayware'. These are very often personal web sites used for teaching and not intended to be malicious in any way.

It would be very helpful if the reasons for categorisation could be made available - for example, the website owner of the 'grayware' site above is quite willing to fix any issues with their site but doesn't know what's wrong with it.


L2 Linker

You can log a ticket with TAC and ask for justification and possibly request a recategorization. Unfortunately, these processes are like a black box for customers since they are all managed by Palo Alto backend teams (like Unit 42).

Cyber Elite

You might consider changing the "newly registered domains" action from "block" to "continue" to allow site access if user action is involved.

For incorrectly categorized domains, ask users to request recategorization at https://urlfiltering.paloaltonetworks.com/

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011

Hi!

Thanks for the suggestion, although that would seem to reduce security somewhat. It would be handy, though, to be able to 'tweak' the countdown from 32 days to 7 days.

We actually have an improved method for dealing with newly registered domains - we have a database-driven EDL adapted from our existing IP block/allow lists. The question is really more about other, riskier categories - where we're not willing to add to the allow list without additional information.
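The post above mentions a database-driven EDL for newly registered domains but does not show how it is built. The following is an added example, not the poster's code or anything from Palo Alto Networks: a small SQLite-backed allow list rendered as a plain-text domain EDL. The table name, columns, sample rows and the 32-day retention default are assumptions; the retention rule (drop an entry once it is older than the newly-registered window, since the category no longer applies to it) is one reasonable policy, not something the thread specifies.

```python
import re
import sqlite3
from datetime import date, timedelta

# Hostname check for entries going into a domain EDL: bare labels only, no
# scheme, path, port or wildcard. An entry that fails this check would either
# be ignored by the firewall or match more than intended.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)(?:[a-z0-9-]{1,63}(?<!-)\.)+[a-z]{2,63}$"
)

# Assumption: the 32-day "newly registered" window mentioned in the thread is
# used as the default retention. Entries older than it no longer affect the
# category, so they fall off the list automatically.
NRD_WINDOW_DAYS = 32


def is_valid_domain(entry: str) -> bool:
    return bool(HOSTNAME_RE.match(entry.strip().lower().rstrip(".")))


def init_db(conn: sqlite3.Connection) -> None:
    # Hypothetical schema: who asked for the exception and why is recorded
    # alongside the domain so the allow list can be audited later.
    conn.execute(
        """CREATE TABLE IF NOT EXISTS nrd_allow (
               domain       TEXT PRIMARY KEY,
               added_on     TEXT NOT NULL,   -- ISO date, sorts correctly as text
               requested_by TEXT NOT NULL,
               reason       TEXT
           )"""
    )


def add_domain(conn, domain, requested_by, reason, added_on):
    domain = domain.strip().lower().rstrip(".")
    if not is_valid_domain(domain):
        raise ValueError(f"refusing non-hostname entry: {domain!r}")
    conn.execute(
        "INSERT OR REPLACE INTO nrd_allow VALUES (?, ?, ?, ?)",
        (domain, added_on.isoformat(), requested_by, reason),
    )


def build_edl(conn, today, window_days=NRD_WINDOW_DAYS):
    """Return the domains still inside the NRD window, sorted."""
    cutoff = (today - timedelta(days=window_days)).isoformat()
    rows = conn.execute(
        "SELECT domain FROM nrd_allow WHERE added_on > ? ORDER BY domain",
        (cutoff,),
    )
    return [row[0] for row in rows]


def render_edl(domains):
    # A domain EDL is plain text, one entry per line; this is what the
    # web server behind the firewall's EDL object would serve.
    return "".join(d + "\n" for d in domains)


def build_sample_edl(today=date(2023, 5, 2)):
    """Populate an in-memory database with constructed rows and build the list."""
    conn = sqlite3.connect(":memory:")
    init_db(conn)
    add_domain(conn, "teaching-site.example", "alice", "course site", date(2023, 4, 20))
    add_domain(conn, "labsite.example", "bob", "lab notes", date(2023, 3, 1))  # outside window
    add_domain(conn, "NewLab.example.", "carol", "new course site", date(2023, 5, 1))
    domains = build_edl(conn, today)
    conn.close()
    return domains, render_edl(domains)


if __name__ == "__main__":
    _, text = build_sample_edl()
    print(text, end="")
```

The validation step matters more than it looks: a request that arrives as a full URL or with a wildcard would otherwise end up in the list and either be ignored by the firewall or match far more than the requester intended.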

Cyber Elite

The main issue with newly registered domains is malware that generates domain names using an algorithm and then connects to them behind the user's back.

Having a continue page will block this kind of malware calling home. In the case of users, the continue page can warn them that it is a possible security risk, etc.

Also, you can run reports against the URL log where users bypassed this page.

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011
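The reply above suggests reporting on URL log entries where users clicked through the continue page. Here is an added example of such a report, not code from the thread or from Palo Alto Networks. It runs over a constructed, simplified CSV export; the column names and the action strings ("block-continue" for a continue page being served, "continue" for a user accepting it, "alert" for allowed-and-logged) are assumptions modelled on PAN-OS URL filtering logs, so map them to your own export before using it. It also goes one step further than the reply: hosts that were served the continue page but never accepted by anyone are listed separately, since that is the pattern the reply describes for algorithmically generated domains with no human behind the request.

```python
import csv
import io
from collections import Counter

# Constructed sample, not a real firewall export: a simplified CSV with the
# handful of URL-log columns the report needs. Column names and action
# strings are assumptions, see the lead-in.
SAMPLE_URL_LOG = """\
receive_time,src,srcuser,category,url,action
2023-05-02 09:01:10,10.10.4.21,alice,newly-registered-domain,teaching-site.example/,block-continue
2023-05-02 09:01:14,10.10.4.21,alice,newly-registered-domain,teaching-site.example/,continue
2023-05-02 09:03:40,10.10.4.21,alice,newly-registered-domain,teaching-site.example/notes.html,alert
2023-05-02 09:20:05,10.10.7.88,bob,newly-registered-domain,kq3x9zlmv2.example/,block-continue
2023-05-02 09:21:05,10.10.7.88,bob,newly-registered-domain,kq3x9zlmv2.example/,block-continue
2023-05-02 09:22:05,10.10.7.88,bob,newly-registered-domain,pz7wq1ua4n.example/,block-continue
2023-05-02 10:02:33,10.10.9.3,carol,grayware,labsite.example/,block-url
"""


def host_of(url: str) -> str:
    """URLs in the log carry no scheme, so the host is everything before the first '/'."""
    return url.split("/", 1)[0].lower()


def continue_page_report(log_text: str, category: str = "newly-registered-domain"):
    """Split continue-page activity for one category into two buckets.

    Returns (bypassed, unacknowledged):
      bypassed       {(user, host): n}  continue pages a person clicked through
      unacknowledged {host: n}          continue pages served for a host that
                                        nobody ever clicked through; no human
                                        drove those requests, so they are worth
                                        a look as possible automated call-home
                                        traffic (or just an abandoned tab)
    """
    served = Counter()
    clicked = Counter()
    bypassed = Counter()
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["category"] != category:
            continue
        host = host_of(row["url"])
        if row["action"] == "block-continue":
            served[host] += 1
        elif row["action"] == "continue":
            clicked[host] += 1
            bypassed[(row["srcuser"], host)] += 1
    unacknowledged = {h: n for h, n in served.items() if clicked[h] == 0}
    return dict(bypassed), unacknowledged


if __name__ == "__main__":
    bypassed, unacknowledged = continue_page_report(SAMPLE_URL_LOG)
    print("Continue pages clicked through:")
    for (user, host), n in sorted(bypassed.items()):
        print(f"  {user:<10} {host:<30} {n}")
    print("Continue pages served but never accepted (check these hosts):")
    for host, n in sorted(unacknowledged.items()):
        print(f"  {host:<30} {n}")
```

In the sample, alice's click-through on a teaching site is the expected, reviewable case, while bob's host shows repeated continue pages with no acceptance, which is the behaviour worth correlating with the source IP's other traffic rather than silently allow-listing.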