We're seeing a similar issue on PANOS 9.0.11 - traffic to Google.com searched first hits an IP address, which is being blocked due to the IP being classified as Unknown. After about 10-20 seconds of waiting, the user is redirected to Google, and no error message is shown to the end user. In the URL Filtering log in the firewall web UI the category and category list for the IP address is search-engines and search-engines,low-risk. A URL test from the CLI lists the IP as unknown. The traffic is identified as google-base. This started happening after upgrading from PANOS 8.1 to 9.0, and I have a theory that this is related to HTTP/2 inspection, which wasn't supported at 8.1. A similar issue, PAN-137387, should've been resolved in 9.0.9: "Fixed an issue where URL filtering used the IP address instead of the hostname, which led to incorrect URL categorization." Have anyone experienced the same on 9.0, and were you able to resolve it?
... View more