Palo Alto Networks URL Filtering Solution

Palo Alto Networks URL filtering solution enables you to block and allow access to websites based on URL category and information such as user and group.
Where can I use this?
What do I need?
  • Prisma Access
  • PAN-OS
  • Advanced URL Filtering license
    For Prisma Access, this is usually included with your Prisma Access license.
Advanced URL Filtering (preceded by URL Filtering) is a subscription service that protects your network and its users against malicious and evasive web-based threats—both known and unknown. The subscription provides the same functionality as URL Filtering—granular URL filtering control, visibility into user web activity, safe search enforcement, and credential phishing prevention—with the addition of full web content inspection using an inline machine learning-based web security engine. The inline web security engine enables real-time analysis and categorization of URLs that are not present in PAN-DB, Palo Alto Networks cloud-based URL database. Then, the engine determines the action the firewall takes.
Advanced URL Filtering protects against malicious URLs that are updated or introduced before PAN-DB has analyzed and added them to the database. With Advanced URL Filtering enabled, URL requests are:
  • Analyzed in real-time using the cloud-based Advanced URL Filtering detection modules. This is in addition to URLs being compared to entries in PAN-DB. The ML-powered web protection engine detects and blocks the malicious websites that PAN-DB cannot.
  • Inspected for phishing and malicious JavaScript using local inline categorization, a firewall-based analysis solution, which can block unknown malicious web pages in real-time.
Advanced URL Filtering licenses are supported on firewalls running PAN-OS 9.1 and later. You can manage URL filtering features on the PAN-OS and Panorama web interface, Cloud NGFW for AWS, and Prisma Access platforms. However, some URL filtering features are not available on each platform.
If network security requirements in your enterprise prohibit the firewalls from directly accessing the Internet, Palo Alto Networks provides an offline URL filtering solution with the PAN-DB private cloud. You can deploy a PAN-DB private cloud on one or more M-600 appliances that function as PAN-DB servers within your network; however, the private cloud does not support any of the cloud-based URL analysis features provided by the Advanced URL Filtering solution.

Legacy URL Filtering Subscription

URL Filtering relies on predefined and custom URL categories in PAN-DB to enforce policy. It uses only PAN-DB to identify and filter known websites. Known websites are websites that are in your local cache or in PAN-DB. Thus, attackers are better able to launch precision attack campaigns through URLs not present in the database.
Legacy URL Filtering subscription holders are able to continue using their URL filtering deployment until the end of the license term.

Recommended For You