11-21-2023 06:10 AM - edited 11-21-2023 07:09 AM
Hi Team,
In Strata Cloud Manager while seeing the URL filtering logs I am not able to see the subdomain URLs.
But in another tenant, I could see the complete logs after ( .com/ )
Eg: live.paloaltonetworks.com/t5/forums/postpage/board-id/Prisma_Access_Cloud_Management_Discussio
regards,
Akash Thangavel
Network Security Engineer
12-21-2023 03:08 AM
Hi @ram.balaji ,
The most plausible reason is that no SSL decryption is applied on the firewall generating these logs.
Without TLS/SSL decryption, PAN firewall is inspecting the SNI (server name indicator), from the SSL negotiation. This is sent by the client to the sever to indicate which host the client is trying to reach so the server can know which SSL certificate to provide (if the server host multiple sites).
Because traffic is encrypted and no decryption is applied FW cannot see the full URL from the HTTP headers and will use the SNI for web filtering categorization.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
