- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
01-19-2018 11:48 AM
Hell everyone,
I have a vendor that is going to work on deploying the URL Filtering service in our Pan3020 but I wanted to undersandt/learn what the best approach is in order for to come up with an outcome that is manageable once they leave us. As of today, our security profiles such as Wildfire, Antivirus, etc. are applied to each rule. This deployment took a long time due to the amount of rules oure firewall has so the vendor has proposed to create just certain security policy rules for filtering instead of deploying the profile to each single rule.
I am sure that this could probably be done using the CLI and some sort of scrip but again, I would like to hear other's recommendations regarding this matter. In the future, I am positive that we are going to need to make changes so doing the right thing now will help us.
Thank you in advanced.
01-19-2018 12:33 PM - edited 01-19-2018 12:34 PM
I would start by reviewing this video and article that Joe put together. It is still relevant today.
https://live.paloaltonetworks.com/t5/Tutorials/How-to-Configure-URL-Filtering-Video/ta-p/59300
P.S. There are other articles including one covering advanced URL Filtering at the bottom of the above page.
01-19-2018 01:45 PM
Hello,
Since URL filtering is heavily politically charged, what I usually do is give the exec board a list of all the categories and have them tell me what to block.
This keeps me out from the abuse the users tend to throw around.
Another thing you can do it enable it and allow all categories, then run reports to see what the users are doing and present that to the board.
Hope that helps.
01-23-2018 11:20 AM
Thank you to all for your answers. I agree that URL filtering is a very political topic; however, I was hoping for right/wrong suggestions regarding the implementation such as, keep in mind this or this will happen, etc. For now, those videos and the URL description document are both very informative.
01-25-2018 03:41 PM
Hello,
You may come across a few sites that are miscategorized, but you can submit them to be changed. Once thing you can try is to put in a policy that allows all categories (ugly I know) and then run reports on ones that are hit the most.
I would highly suggest you block the following at a minimum:
command-and-control
copyright-infringement
dynamic-dns
extermism
malware
phishing
proxy-avoidance-and-anonymizers
questionable
unknown
Start blocking these and go from there. One thing somone else posted a while back was to run a report on the executives browsing history and present that to the board :).
Good luck.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!