Prisma Access

Advanced URL Filtering

Prisma Access

Table of Contents

Prisma Access

If you’re using Panorama to manage Prisma Access:
Toggle over to the
tab and follow the guidance there.
If you’re using Prisma Access Cloud Management, continue here.
  1. Go to the URL Access Management dashboard.
    Security Services
    URL Access Management
  2. Select
  3. Create a URL admin override password.
    1. Go to URL Admin Overrides, and
      Add URL Admin Overrides
    2. (
      ) Select a
      for prompting users for the password:
      • Transparent
        —The password prompt appears to originate from the original destination URL. The firewall intercepts the browser traffic destined for sites in a URL category set to override and issues an HTTP 302 to prompt for the password, which applies on a per-vsys level.
      • Redirect
        —The password prompt appears from an
        (IP address or DNS hostname) that you specify. The firewall intercepts HTTP or HTTPS traffic to a URL category set to override and uses an HTTP 302 redirect to send the request to a Layer 3 interface on the firewall.
    3. Enter a
      , then enter it again to
      Confirm Password
    4. (
      ) Select an
      SSL/TLS Service Profile
      You can create and manage SSL/TLS service profiles by clicking
      Create New
      , respectively.
    5. Save
      your changes.
  4. (
    ) Set the duration of override access and password lockouts.
    By default, users can access websites in categories for which they have successfully entered an override password for 15 minutes. After the default or custom interval passes, users must re-enter the password.
    By default, users are blocked for 30 minutes after three failed password attempts. After the user is locked out for the default or custom duration, they can try to access the websites again.
    1. Customize the General Settings.
    2. For
      URL Admin Override Timeout
      , enter a value (in minutes) from 1 to 86,400.
    3. For
      URL Admin Lockout Timeout
      , enter a value (in minutes) from 1 to 86,400.
    4. Save
      your changes.
  5. Specify the URL categories that require password access.
    1. On the URL Access Management dashboard, under the
      Access Control
      tab, go to URL Access Management Profiles and modify or
      Add Profile
    2. Under Access Control, select the categories that require password access.
    3. With all the categories selected, click
      Set Access
      and then select
      You should see that Site Access for the highlighted categories now say
    4. Save
      your changes.
  6. Apply the URL Access Management profile to a Security policy rule.
    A URL Access Management profile is only active when it’s included in a profile group that a Security policy rule references.
    Follow the steps to activate a URL Access Management profile (and any Security profile). Be sure to
    Push Config
    when you are done.

Recommended For You