URL Category Exceptions
Focus
Focus
Advanced URL Filtering

URL Category Exceptions

Table of Contents

URL Category Exceptions

Guidelines for adding entries to a custom URL list or external dynamic list for use in a URL Filtering profile or policy.
Where can I use this?What do I need?
  • Prisma Access (Managed by Strata Cloud Manager)
  • Prisma Access (Managed by Panorama)
  • NGFW (Managed by Strata Cloud Manager)
  • NGFW (Managed by PAN-OS or Panorama)
Notes:
  • Legacy URL filtering licenses are discontinued, but active legacy licenses are still supported.
  • Prisma Access licenses include Advanced URL Filtering capabilities.
You can exclude specific websites from URL category enforcement, ensuring that these websites are blocked or allowed regardless of the policy action associated with its URL categories. For example, you might block the social-networking URL category but allow access to LinkedIn. To create exceptions to URL category policy enforcement:
  • Add the IP addresses or URLs of sites you want to block or allow to a custom URL category of URL List type. Then, define site access for the category in a URL Filtering profile. Finally, attach the profile to a Security policy rule.
    You can also use a custom URL category as match criteria in a Security policy rule. Be sure to place the exception rule above any rules that block or allow the categories to which the URL exceptions belong.
  • Add the URLs of sites you want to block or allow to an external dynamic list of URL List type. Then, use the external dynamic list in a URL Filtering profile or as match criteria in a Security policy rule. The benefit to using an external dynamic list is that you can update the list without performing a configuration change or commit on the firewall.
External dynamic lists of URL List type should not be confused with external dynamic lists of Domain List or IP Address List type. While external dynamic lists of URLs permit domains and IP addresses, the reverse is not true and result in invalid entries.