Palo Alto Networks URL Filtering Solution

Palo Alto Networks URL filtering solution enables you to block and allow access to websites based on URL category and information such as user and group.
Where can I use this?
What do I need?
  • Prisma Access
  • PAN-OS
  • Advanced URL Filtering license
    For Prisma Access, this is usually included with your Prisma Access license.
A legacy or Advanced URL Filtering subscription is required for basic URL filtering functionality, which includes granular filtering control, safe search enforcement, and credential phishing prevention. All URL requests are compared against the entries in PAN-DB, Palo Alto Networks URL database. Each URL in the database is assigned various categories, which enables category-based policy creation. The firewall enforces the controls you configure for these sites.
Legacy URL Filtering subscription holders are able to continue using their URL filtering deployment until the end of the license term.
The Advanced URL Filtering subscription provides all of the functionality of the legacy subscription with the added benefit of full web content inspection using inline machine learning-based web security engines. With Advanced URL Filtering enabled, URL requests are:
  • Analyzed in real-time using the cloud-based Advanced URL Filtering detection modules to defend against new and unknown threats that do not currently exist in the URL filtering database.
  • Inspected for phishing and malicious JavaScript using local inline categorization, a firewall-based analysis solution, which can block unknown malicious web pages in real-time.
Legacy URL filtering relies on predefined URL categories in PAN-DB or custom URL categories that you create to enforce policy. Thus, attackers are more able to launch precision attack campaigns through URLs not present in the database. On the contrary, advanced URL filtering analyzes URLs not present in the database in real-time to determine which action to take. As a result, advanced URL filtering can protect against malicious URLs that are updated or introduced before PAN-DB analyzes and adds the site to the database content.
If the network security requirements in your enterprise prohibit the firewalls from directly accessing the Internet, Palo Alto Networks provides an offline URL filtering solution with the PAN-DB private cloud. This allows you to deploy a PAN-DB private cloud on one or more M-600 appliances that function as PAN-DB servers within your network; however, it does not support any of the cloud-based URL analysis features found in the Advanced URL Filtering solution.

Recommended For You