No logging for URL Filtering on Panorama

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

No logging for URL Filtering on Panorama

L0 Member

Hello all,

 

Having some trouble getting URL filter logging to work correctly.

 

The PA is currently running version 10.2.6

 

When going to Objects > Security profiles > Url Filtering, I do see red text saying a license is needed for URL filtering. But if I read online  correctly this is only for advanced URL Filtering? 

 

I have gone to Objects > URL Category, to make a custom URL category with a few URL's I would like to allow. Then I go to Objects > Security Profiles > URL filtering and set both actions to alert and alert for the custom URL Category, the rest of the categories provided by PA are set to block. 

 

I then apply the URL Profile I have created to one of my security policies, along with a logging profile that I have created that is set to log the traffic and URL to Panorama. Yet when I go to monitor, all I can see is the traffic logs being allowed, when switching my tab to URL filtering under monitoring nothing seems to be populating despite there being hits for the rule.

 

Looking for any pointers on where to look next, could this be something with encryption interfering and it cannot see the URL?  Or am I SOL with the red text that says I need a license in order to use URL filtering?

 

Thanks.

2 REPLIES 2

L5 Sessionator

Hello,

 

Advanced url filtering replaced the legacy url filtering, the old url filtering either doesnt exist anymore or soon will no longer exist. I believe the only thing it regards to url filtering you can do without a license is creating a customer url category and manually adding things there. For the actual url database you'll need a license. 

 

Advanced URL Filtering / URL Filtering
You can still:
 
  • Enforce policy using custom URL categories.
 
You can no longer:
 
  • Get updates to cached PAN-DB categories.
 
  • Connect to the PAN-DB URL filtering database.
 
  • Get PAN-DB URL categories.
 
  • Analyze URL requests in real-time using advanced URL filtering.
 

L0 Member

Thanks for the clarification.

 

As an for an update, I was able to get some logs to populate in the URL filtering tab under monitor. I was just trying to see if there was a way I could verify the traffic was actually reaching out to one of the custom URLs I had entered.  From what I can tell it looks like it is, because I was trying to match *.website.com and a few logs returned for subdomains of that URL that said they were not resolved. I'm assuming that's a client machine looking for subdomain.website.com and not receiving a response. 

 

Thanks.

  • 596 Views
  • 2 replies
  • 0 Likes
  • 29 Subscriptions
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!