URL Category Exceptions
Guidelines for adding entries to a custom URL list or
external dynamic list for use in a URL Filtering profile or policy.
Where can I use
this? | What do I need? |
- Prisma Access (Managed by Strata Cloud Manager)
- Prisma Access (Managed by Panorama)
- NGFW (Managed by Strata Cloud Manager)
- NGFW (Managed by PAN-OS or Panorama)
|
|
You can exclude specific websites from URL category enforcement,
ensuring that these websites are blocked or allowed regardless of
the policy action associated with its URL categories. For example,
you might block the social-networking URL category but allow access
to LinkedIn. To create exceptions to URL category policy enforcement:
- Add the IP addresses or URLs of sites you want to block
or allow to a custom URL category of URL
List type. Then, define site access for the category
in a URL Filtering profile. Finally, attach the profile to a Security
policy rule.
You can also use a custom URL category as
match criteria in a Security policy rule. Be sure to place the exception
rule above any rules that block or allow the categories to which
the URL exceptions belong.
- Add the URLs of sites you want to block or allow to an external dynamic list of URL
List type. Then, use the external dynamic
list in a URL Filtering profile or as match criteria in a Security
policy rule. The benefit to using an external dynamic list
is that you can update the list without performing a configuration
change or commit on the firewall.