Get Started with URL Filtering

Where can I use this?
What do I need?
  • Prisma Access
  • PAN-OS
  • Advanced URL Filtering license
    For Prisma Access, this is usually included with your Prisma Access license.
The first step to get started with URL Filtering is understanding the web activity patterns of users on your network.
To safely observe these patterns, we recommend you:
>>
Review Palo Alto Networks predefined URL categories.
>>
Enter URLs into our Test A Site engine to see how PAN-DB categorizes those URLs.
>>
Create a (mostly) passive URL Filtering profile that alerts on most categories. When you select the
alert
setting for a URL category, the firewall logs traffic to that category. Then, you can see the sites your users are accessing and decide on the appropriate site access for URL categories and specific sites.
>>
Block URL categories that we know are bad: malware, C2, and phishing.
Alerting on all web activity might create a large amount of log files. As a result, you might only want to do this as part of an initial deployment.
At that time, you can also reduce URL filtering logs by enabling the
Log container page only
option in the URL Filtering profile so only the main page that matches the category will be logged, not subsequent pages/categories that may be loaded within the container page.

Recommended For You