Thanks for your thoughts, yes that can certainly be done once we identify that students are going to a particular site. But then once we block that site they will just move on to the next site. Other web filtering products have default rules like 'block any URLs with IP addresses', which is sort of what I'm looking for, although it would be good to allow known safe URL categories to still be allowed, even with that rule. Thanks!
... View more
Hi all, How can the Palo Alto control the age-old URL filtering bypass of typing in the IP address of a site, rather than the hostname? As an example, some of our students last week did: 1. www.minecraft.net via web browser is blocked (category: games) 2. do an nslookup or dig for www.minecraft.net 3. type IP address into browser and then get through When Palo Alto saw this, the IP address was in URL Filtering category 'unknown'. Disabling unknown would cause too many false positives with lots of different sites. Now in some cases, the IP address does resolve to a particular category and this isn't a problem. It's only when it comes back as 'unknown' that we have an issue. Does anyone have a solution to this? Is it possible to block access to any IP address URL, unless it is in a valid URL category? Edit: oh yes, we're on PA-4050s, 5.0.2, using the PAN-DB URL Filtering module. Thanks! Tony Bigby
... View more