Request to unblock firewall for my website


Hello,

I published my new website theaiembrace.com as I am launching my new business. It seems you have blocked outbound access to my website by firewall and DNS. Can you unblock access, please?
Many thanks.

Regards,

Telma


L4 Transporter

Hello @telminha0mermaid 

Palo Alto Networks firewalls are designed to proactively block access to newly registered domains (NRDs) and domains associated with dynamic DNS (DDNS) in both URL and DNS categories due to the high security risks these domains often present. This proactive blocking is a critical component of the firewall's threat prevention capabilities.

A newly registered domain (NRD) refers to a domain that has been registered or undergone a change in ownership within the last 30 to 32 days.

Security Significance

Newly registered domains are considered a "Potential Threat" category within Palo Alto Networks security classifications. This is because they are frequently created and used for malicious activities, such as phishing attacks, command and control (C2) communications, and the distribution of malware. Attackers often register new domains to launch web-based attacks, and these domains may have a short lifespan, making them challenging to detect. There is a strong correlation between newly registered domains and malicious URLs.

Palo Alto Networks Detection and Categorization

  1. URL Filtering (PAN-DB):
    • URLs are categorized as newly-registered-domain when their registration (observed via Passive DNS) falls within the last 32 days.
    • After this initial period, Palo Alto Networks' systems crawl the URL to determine if it requires re-categorization. If this process is unsuccessful, the category might be updated to Insufficient-Content, Newly-Registered-Domain.
    • By default, newly registered domains may initially be categorized as unknown in PAN-DB. Palo Alto Networks' analysis/threat team or automated crawlers review and classify these domains.
  2. DNS Security and Advanced DNS Security:
    • These services detect NRDs by monitoring specific feeds, including domain registries and registrars, and by utilizing zone files, passive DNS, and WHOIS data.
    • Palo Alto Networks employs machine learning (ML) algorithms to predict and identify new malicious domains shortly after their registration, often before they are actively used in an attack.
    • "Newly Registered Domains" are a specific DNS Security category (UTID: 109020001) that can be filtered in Threat logs as dns-new-domain or adns-new-domain.
  3. Botnet Reports:
    • Traffic directed to domains registered within the past 30 days is monitored as an indicator of potential botnet activity.

Best Practices and Configuration:

  • Recommended Action: For newly-registered-domain and dynamic-dns URL categories, the recommended action in URL Filtering profiles is generally to block access to maximize security.
  • Handling Unknown Sites: Sites not yet identified by PAN-DB (unknown category) are also considered potential threats. While blocking is the most secure option, if business needs require allowing traffic to unknown sites, it's recommended to set the action to alert, apply the strictest Security profiles, and thoroughly investigate any alerts.
  • Exceptions: If legitimate business operations require access to specific sites within these blocked categories, administrators can create custom URL categories or specific allow rules to create exceptions. However, this should be done cautiously, often with strict security profiles applied to the allowed traffic.

Cheers,
Cosmin

Don't forget to Like items if a post is helpful to you!
Please help out other users and “Accept as Solution” if a post helps solve your problem!

Read more about how and why to accept solutions.

Disclaimer: All messages are my personal ones and do not represent my company's view in any way.
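
A triage sketch for the administrator side of the reply above, added here as an example and not taken from the thread or from Palo Alto Networks: it groups hits in the two DNS Security category names the reply quotes and compares each domain's registration age with the 32-day window, which helps when deciding whether an exception is still needed. The CSV columns, hostnames, the non-NRD category value, and the registration dates are constructed assumptions, not the firewall's real log schema.

```python
import csv
import io
from collections import defaultdict
from datetime import date, timedelta

NRD_CATEGORIES = {"dns-new-domain", "adns-new-domain"}  # names quoted in the reply
NRD_WINDOW_DAYS = 32  # upper bound of the window quoted in the reply

# Constructed sample export; the column names are assumptions for this example,
# not the firewall's real log schema.
SAMPLE_LOG = """\
time,src,domain,category
2025-03-10T09:01:12,10.1.1.20,shop.example.test,dns-new-domain
2025-03-10T09:01:40,10.1.1.21,shop.example.test,dns-new-domain
2025-03-10T09:02:03,10.1.1.20,cdn.example.org,other-category
2025-03-10T09:05:55,10.1.1.35,old.example.net,adns-new-domain
2025-03-10T09:07:31,10.1.1.20,shop.example.test,dns-new-domain
"""

# Constructed registration dates, standing in for a WHOIS lookup.
SAMPLE_REGISTERED = {
    "shop.example.test": date(2025, 3, 1),
    "old.example.net": date(2025, 1, 15),
}

def summarize_nrd_hits(log_text, registered, today):
    """Group NRD-category hits by domain and report age against the window."""
    hits = defaultdict(lambda: {"count": 0, "sources": set()})
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["category"] in NRD_CATEGORIES:
            entry = hits[row["domain"].lower().rstrip(".")]
            entry["count"] += 1
            entry["sources"].add(row["src"])
    report = {}
    for domain, entry in hits.items():
        reg = registered.get(domain)  # None when the registration date is unknown
        age = (today - reg).days if reg else None
        report[domain] = {
            "hits": entry["count"],
            "sources": sorted(entry["sources"]),
            "age_days": age,
            "in_window": age is not None and age <= NRD_WINDOW_DAYS,
            "window_ends": reg + timedelta(days=NRD_WINDOW_DAYS) if reg else None,
        }
    return report

if __name__ == "__main__":
    for name, info in summarize_nrd_hits(SAMPLE_LOG, SAMPLE_REGISTERED, date(2025, 3, 10)).items():
        print(name, info)
```

A domain that still appears in these categories with `in_window` false is one that has outlived the window the reply describes and is worth checking for re-categorization before any allow rule is kept in place.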