Hi, if we test https://urlfiltering.paloaltonetworks.com/test-grayware there is no block page; however, if we test http://urlfiltering.paloaltonetworks.com/test-grayware we do get a block page. I cannot find urlfiltering.paloaltonetworks.com or *.paloaltonetworks.com in a no SSL decryption profile or in the predefined exclusion list. In the traffic log we see that the traffic is not being decrypted, and in the URL log we see the URL is urlfiltering.paloaltonetworks.com, while in HTTP mode the full URL is shown. What am I missing here?
Hi all, I'm currently reviewing our PA5250 security policy ruleset and I'm unsure about the best way to handle it. We have about 800 rules and lots of those rules combine functions. For example, a server is allowed to FTP to IP a.b.c.d and should be allowed to SSL to IP w.x.y.z. At the moment this is combined in one rule, which means that server is also allowed to FTP to w.x.y.z and to SSL to the first IP. If I were to split up all those kinds of rules I would at least double the number of rules. I know the limit of # of rules for the 5250 is 40000, so we are nowhere near that.

My questions:
- From a management perspective, is it better to have lots of small rules or lots of "combined" rules?
- From a resource/throughput perspective: is it better to have, for example, 10000 simple rules (1 source - 1 destination) or 2000 complex rules (multiple sources and destinations)?

Thanks in advance for your opinion on this topic.
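The over-permission described in the second post can be measured before deciding whether to split a rule. The following is an added example, not part of the original posts and not Palo Alto Networks code: it treats a rule as a plain cross product of sources, destinations and applications (a simplification that ignores zones, users and service ports), and the server names `srv1` and `srv2` are hypothetical.

```python
from collections import defaultdict
from itertools import product

def expand(rule):
    """All (source, destination, application) flows a rule permits."""
    return set(product(rule["src"], rule["dst"], rule["app"]))

def over_grant(rule, intended):
    """Flows the rule permits that were never requested."""
    return expand(rule) - set(intended)

def split_exact(intended):
    """Regroup intended flows into rules whose cross product equals them exactly."""
    # Step 1: per (source, application), collect the destinations needed.
    dsts = defaultdict(set)
    for src, dst, app in intended:
        dsts[(src, app)].add(dst)
    # Step 2: sources needing the same app to the same destinations share a rule.
    srcs = defaultdict(set)
    for (src, app), dst_set in dsts.items():
        srcs[(app, frozenset(dst_set))].add(src)
    ordered = sorted(srcs.items(), key=lambda kv: (kv[0][0], sorted(kv[0][1])))
    return [{"src": sorted(s), "dst": sorted(d), "app": [app]}
            for (app, d), s in ordered]

# Constructed sample: the combined rule from the post, using its placeholder IPs.
COMBINED = {"src": ["srv1"], "dst": ["a.b.c.d", "w.x.y.z"], "app": ["ftp", "ssl"]}
INTENDED = [("srv1", "a.b.c.d", "ftp"), ("srv1", "w.x.y.z", "ssl")]

if __name__ == "__main__":
    for flow in sorted(over_grant(COMBINED, INTENDED)):
        print("unintended permit:", flow)
    for rule in split_exact(INTENDED):
        print("exact rule:", rule)
```

Sources that need the same application to the same destinations are merged back into one rule, so an exact split does not always double the rule count.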