Palo Alto Networks URL filtering solution enables you
to block and allow access to websites based on URL category and
information such as user and group.
Where can I use
What do I need?
URL Filtering license
For Prisma Access, this is usually included
with your Prisma Access license.
A legacy or Advanced URL Filtering subscription is required for
basic URL filtering functionality, which includes granular filtering
control, safe search enforcement, and credential phishing prevention.
All URL requests are compared against the entries in PAN-DB, Palo
Alto Networks URL database. Each URL in the database is assigned
various categories, which enables category-based policy creation.
The firewall enforces the controls you configure for these sites.
Legacy URL Filtering subscription holders are able to continue using
their URL filtering deployment until the end of the license term.
The Advanced URL Filtering subscription provides all of the functionality
of the legacy subscription with the added beneﬁt of full web content
inspection using inline machine learning-based web security engines.
With Advanced URL Filtering enabled, URL requests are:
Analyzed in real-time using the cloud-based Advanced
URL Filtering detection modules to defend against new and unknown
threats that do not currently exist in the URL filtering database.
a firewall-based analysis solution, which can block unknown malicious
web pages in real-time.
Legacy URL filtering relies on predefined URL categories in PAN-DB
or custom URL categories that you create to enforce policy. Thus,
attackers are more able to launch precision attack campaigns through
URLs not present in the database. On the contrary, advanced URL
filtering analyzes URLs not present in the database in real-time
to determine which action to take. As a result, advanced URL filtering
can protect against malicious URLs that are updated or introduced
before PAN-DB analyzes and adds the site to the database content.
If the network security requirements in your enterprise prohibit
the firewalls from directly accessing the Internet, Palo Alto Networks
provides an offline URL filtering solution with the PAN-DB private
cloud. This allows you to deploy a PAN-DB private cloud on
one or more M-600 appliances that function as PAN-DB servers within
your network; however, it does not support any of the cloud-based
URL analysis features found in the Advanced URL Filtering solution.