Ok so I'd really like to skip the part about why my organization does this and get to the part about what I should be concerned about... Our PA is set up to block many, many, many URLs using URL Filtering, just as you'd expect any org to do, but there have also been many Data Filtering regex signatures created solely to block URLs as well. Oftentimes the regex expressions are created by someone who wants a URL blocked but only has permissions to create vuln signatures and not URL filters. I don't want to go into the local "reason" for this, but my question for the experts is: what sort of performance impact can this cause?

They are also using this style of signature to kill the DNS query for these URLs, so that's as many as two data filtering sigs for each of these URLs that are being blocked via a "work around". If there are, say, a few hundred of these regex signatures that exist to simply block domain names found in HTTP headers, will this cause a hit to PA performance? What about as that list of signatures grows? What other concerns should I have about this method?

I'm pushing my org to stop misusing the data filters this way and to rely solely on the URL filtering function, but let's just say there's a lot of red tape involved. Going into it with some smart information might help my argument.
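As an added illustration of the two concerns raised above (cost that grows with the signature count, and regexes that match more than the intended domain), here is a small model that is not part of the original post and is not Palo Alto Networks code: it contrasts "one unanchored regex per blocked domain, evaluated against every Host header" with a set lookup on the host and its parent domains, the shape a URL category or domain list check takes. The domain names and the 300-entry list are constructed sample data, and the model says nothing about how the firewall's own engine is implemented.

```python
import re
import timeit

# Constructed sample block list (not from the original post): 300 placeholder
# domains plus one real-looking entry used to show over-matching.
BLOCKED_DOMAINS = [f"blocked-site-{i}.example" for i in range(300)] + ["example.com"]

# Approach 1: one data-filtering-style signature per domain. Each request's
# Host header is run through every pattern until one fires.
REGEX_SIGNATURES = [re.compile(re.escape(d)) for d in BLOCKED_DOMAINS]


def regex_block(host, signatures=REGEX_SIGNATURES):
    """Return (first matching pattern or None, number of signatures evaluated).

    Work done per request grows linearly with the number of signatures, and an
    unanchored substring search also fires on hosts that merely contain the
    blocked name (e.g. 'notexample.com' matches the 'example.com' signature).
    """
    evaluated = 0
    for sig in signatures:
        evaluated += 1
        if sig.search(host):
            return sig.pattern, evaluated
    return None, evaluated


# Approach 2: exact lookup of the host and each parent domain in a hash set.
BLOCKED_SET = frozenset(BLOCKED_DOMAINS)


def set_block(host, blocked=BLOCKED_SET):
    """True if the host or any parent domain is on the list.

    Cost is bounded by the number of labels in the hostname, not by the size
    of the block list, and 'notexample.com' is not confused with 'example.com'.
    """
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))


def benchmark(n_requests=2000):
    """Time both approaches over n_requests hosts that are not on the list,
    the common case where every signature must be evaluated before a miss."""
    hosts = [f"host-{i}.allowed.example" for i in range(n_requests)]
    t_regex = timeit.timeit(lambda: [regex_block(h) for h in hosts], number=1)
    t_set = timeit.timeit(lambda: [set_block(h) for h in hosts], number=1)
    return t_regex, t_set


if __name__ == "__main__":
    print("www.example.com  regex:", regex_block("www.example.com"), "set:", set_block("www.example.com"))
    print("notexample.com   regex:", regex_block("notexample.com"), "set:", set_block("notexample.com"))
    t_regex, t_set = benchmark()
    print(f"regex list: {t_regex:.4f}s  set lookup: {t_set:.4f}s  ratio: {t_regex / t_set:.1f}x")
```

Run it as-is to see the per-request evaluation count climb with the list size and the false positive on `notexample.com`; the timing ratio will vary by machine, but the direction of the gap is the point to bring to the argument.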