Follow these recommended practices for deploying Palo Alto Networks URL filtering solution.
  1. Use Test A Site to see how PAN-DB—the URL filtering cloud database—categorizes a specific URL and to learn about all possible URL categories.
    You can also use Test A Site to submit a request to change the category for a URL if you disagree with how a specific URL is categorized.
  2. Create a passive URL Filtering profile that alerts on all categories so you have visibility into web traffic.
    1. Select
      Security Profiles
      > URL Filtering
    2. Select the default profile and then click
      . The new profile will be named
    3. Select the
      profile and rename it. For example, rename it to URL-Monitoring.
  3. Configure the action for all categories to
    , except for malware, command-and-control, and phishing, which should remain blocked.
    1. In the section that lists all URL categories, select all categories and then de-select malware, command-and-control, and phishing.
    2. To the right of the Action column heading, mouse over and select the down arrow and then select
      Set Selected Actions
      and choose
    3. Block
      access to known dangerous URL categories.
      Block access to malware, phishing, dynamic-dns, unknown, command-and-control, extremism, copyright-infringement, proxy-avoidance-and-anonymizers, newly-registered-domain, grayware, and parked URL categories.
    4. Click
      to save the profile.
  4. Apply the URL Filtering profile to Security policy rules that allow traffic from clients in the trust zone to the Internet.
    Make sure the
    Source Zone
    in the Security policy rules you add URL Access Management profiles to is set to a protected internal network.
    1. Select
      . Then, select a Security policy rule to modify.
    2. On the
      tab, edit the Profile Setting.
    3. For
      Profile Type
      , select
      . A list of profiles appears.
    4. For
      URL Filtering
      profile, select the profile you just created.
    5. Click
      to save your changes.
  5. Commit
    the configuration.
  6. Next Steps:

Recommended For You