Allow Password Access to Certain Sites (Strata Cloud Manager)
Focus
Focus
Advanced URL Filtering

Allow Password Access to Certain Sites (Strata Cloud Manager)

Table of Contents


Allow Password Access to Certain Sites (Strata Cloud Manager)

If you’re using Panorama to manage Prisma Access:
Toggle over to the PAN-OS & Panorama tab and follow the guidance there.
If you’re using Strata Cloud Manager, continue here.
  1. Go to the URL Access Management dashboard.
    Select ManageConfigurationSecurity ServicesURL Access Management.
  2. Select Settings.
  3. Create a URL admin override password.
    1. Go to URL Admin Overrides, and Add URL Admin Overrides.
    2. (Optional) Select a Mode for prompting users for the password:
      • Transparent—The password prompt appears to originate from the original destination URL. The firewall intercepts the browser traffic destined for sites in a URL category set to override and issues an HTTP 302 to prompt for the password, which applies on a per-vsys level.
      • Redirect—The password prompt appears from an Address (IP address or DNS hostname) that you specify. The firewall intercepts HTTP or HTTPS traffic to a URL category set to override and uses an HTTP 302 redirect to send the request to a Layer 3 interface on the firewall.
    3. Enter a Password, then enter it again to Confirm Password.
    4. (Optional) Select an SSL/TLS Service Profile.
      You can create and manage SSL/TLS service profiles by clicking Create New and Manage, respectively.
    5. Save your changes.
  4. (Optional) Set the duration of override access and password lockouts.
    By default, users can access websites in categories for which they have successfully entered an override password for 15 minutes. After the default or custom interval passes, users must re-enter the password.
    By default, users are blocked for 30 minutes after three failed password attempts. After the user is locked out for the default or custom duration, they can try to access the websites again.
    1. Customize the General Settings.
    2. For URL Admin Override Timeout, enter a value (in minutes) from 1 to 86,400.
    3. For URL Admin Lockout Timeout, enter a value (in minutes) from 1 to 86,400.
    4. Save your changes.
  5. Specify the URL categories that require password access.
    1. On the URL Access Management dashboard, under the Access Control tab, go to URL Access Management Profiles and modify or Add Profile.
    2. Under Access Control, select the categories that require password access.
    3. With all the categories selected, click Set Access and then select Override.
      You should see that Site Access for the highlighted categories now say override.
    4. Save your changes.
  6. Apply the URL Access Management profile to a Security policy rule.
    A URL Access Management profile is only active when it’s included in a profile group that a Security policy rule references.
    Follow the steps to activate a URL Access Management profile (and any Security profile). Be sure to Push Config when you are done.