I'm trying to allow access to a single form on Google Docs while blocking access to all of Google Docs in general in PAN-OS 7.1.8. I'm aware that Google Docs is an encrypted service, so here's what I've done: Created a custom URL category called "GoogleDocs" containing the following URLs: *.google.com/docs docs.google.com google.com/docs I also have another custom URL category called "Whitelist" that is set to "alert" in all URL filtering security profiles. The idea for this custom URL category is to contain any URL we want to globally allow. I added the specific form's URL to the "Whitelist" category: docs.google.com/forms/d/e/1FAIpQLSfC3N8s4Kbhd9heiMJrwlYJDGG5n_Nh25UOp7CdqLN8xdpqmw Technically, the real URL also has "/viewform?embedded=true" at the end but I've left that off in the "Whitelist" URL category object. I've created a Decryption Policy that does SSL Forward Proxy decryption on traffic from inside to outside that matches the URL category "GoogleDocs". In my base web filtering security rule, which we call "Common-Web", the URL filtering security profile that is used on that rule has the "Whitelist" category set to "alert" (as previously mentioned) and "GoogleDocs" set to "block". I also added the "google-docs-base" application object to ensure the rule would match. Unfortunately, this does not seem to work. I am receiving a URL block when I try to visit the site with the embedded Google Docs form. The "Common-Web" rule is correctly matching, the traffic is correctly decrypted, and I am seeing the full form URL in the URL filtering logs, but the URL is being seen as part of the "GoogleDocs" URL category instead of the "Whitelist" URL category, hence the reason for the block (remember that we have the "GoogleDocs" category set to "block" in the URL filtering security profile). How can I accomplish what I am trying to do? What I am trying does not appear to be working as intended.
... View more