Prisma Access

If you’re using Panorama to manage Prisma Access:
Toggle over to the
PAN-OS
tab and follow the guidance there.
If you’re using Prisma Access Cloud Management, continue here.
  1. Enable Safe Search Enforcement in a URL Access Management profile.
    1. Select
      Manage
      Configuration
      Security Services
      URL Access Management
      .
    2. Under URL Access Management Profiles, select an existing profile or
      Add Profile
      to create a new one. Configuration options appear.
    3. Under
      Settings
      , select
      Safe Search Enforcement
      .
    4. Save
      the profile.
  2. (
    Optional
    ) Restrict the search engines that end users can access.
    1. Select
      Manage
      Configuration
      Security Services
      URL Access Management
      .
    2. Under
      Access Control
      ,
      Search
      ( ) for the
      search-engines
      category.
    3. Set Site Access for the
      search-engines
      category to
      block
      .
      Add each search engine you want end users to access to a custom URL category of URL List type.
    4. Save
      the profile.
  3. Apply the URL Access Management profile to Security policy rules that allow traffic from clients in the trust zone to the internet.
    To activate a URL Access Management profile (and any Security profile), add it to
    profile group
    and reference the profile group in a Security policy rule.
  4. Configure Site Access for the new custom URL category.
    1. Go to
      Manage
      Configuration
      Security Services
      URL Access Management
      . Under URL Access Management Profiles, select the profile you configured earlier.
    2. Under Access Control, select the new custom URL category. It appears in the Custom URL Categories section above External Dynamic URL Lists and Pre-Defined Categories. Then, set
      Site Access
      to
      allow
      .
    3. Save
      your changes.
  5. Because most search engines encrypt their search results, you must enable SSL Forward Proxy decryption so the firewall can inspect the search traffic and detect the safe search settings.
    Under the
    Services and URLs
    section of the Decryption policy rule, click
    Add URL Categories
    . Then, select the custom URL category you created earlier. New custom categories sit at the top of the list.
    Save
    the Decryption policy rule.
  6. Select
    Push Config
    to activate your changes.
  7. Verify the Safe Search Enforcement configuration.
    This verification step only works if you use block pages to enforce safe search. There is an alternative verification step if you enable safe search transparently.
    1. From a computer behind the firewall, disable the strict search settings for a supported search provider. For example, on bing.com, click the
      Preferences
      icon on the Bing menu bar.
    2. Set the
      SafeSearch
      option to
      Moderate
      or
      Off
      , and click
      Save
      .
    3. Perform a Bing search (or search using another provider) to see if the URL Access Management safe search block page displays instead of search results:
    4. Use the link on the block page to update the safe search setting to the strictest setting (
      Strict
      in the case of Bing), and then click
      Save
      .
    5. Perform a search again from Bing and verify that filtered search results display instead of the block page.

Recommended For You