Cloud Managed
Focus
Focus
Advanced URL Filtering

Cloud Managed

Table of Contents


Cloud Managed

If you’re using Panorama to manage
Prisma Access
:
Toggle over to the
PAN-OS & Panorama
tab and follow the guidance there.
If you’re using
Strata Cloud Manager
, continue here.
  1. Go to the URL Access Management dashboard.
    Select
    Manage
    Configuration
    Security Services
    URL Access Management
    .
  2. Select
    Settings
    .
  3. Create a URL admin override password.
    1. Go to URL Admin Overrides, and
      Add URL Admin Overrides
      .
    2. (
      Optional
      ) Select a
      Mode
      for prompting users for the password:
      • Transparent
        —The password prompt appears to originate from the original destination URL. The firewall intercepts the browser traffic destined for sites in a URL category set to override and issues an HTTP 302 to prompt for the password, which applies on a per-vsys level.
      • Redirect
        —The password prompt appears from an
        Address
        (IP address or DNS hostname) that you specify. The firewall intercepts HTTP or HTTPS traffic to a URL category set to override and uses an HTTP 302 redirect to send the request to a Layer 3 interface on the firewall.
    3. Enter a
      Password
      , then enter it again to
      Confirm Password
      .
    4. (
      Optional
      ) Select an
      SSL/TLS Service Profile
      .
      You can create and manage SSL/TLS service profiles by clicking
      Create New
      and
      Manage
      , respectively.
    5. Save
      your changes.
  4. (
    Optional
    ) Set the duration of override access and password lockouts.
    By default, users can access websites in categories for which they have successfully entered an override password for 15 minutes. After the default or custom interval passes, users must re-enter the password.
    By default, users are blocked for 30 minutes after three failed password attempts. After the user is locked out for the default or custom duration, they can try to access the websites again.
    1. Customize the General Settings.
    2. For
      URL Admin Override Timeout
      , enter a value (in minutes) from 1 to 86,400.
    3. For
      URL Admin Lockout Timeout
      , enter a value (in minutes) from 1 to 86,400.
    4. Save
      your changes.
  5. Specify the URL categories that require password access.
    1. On the URL Access Management dashboard, under the
      Access Control
      tab, go to URL Access Management Profiles and modify or
      Add Profile
      .
    2. Under Access Control, select the categories that require password access.
    3. With all the categories selected, click
      Set Access
      and then select
      Override
      .
      You should see that Site Access for the highlighted categories now say
      override
      .
    4. Save
      your changes.
  6. Apply the URL Access Management profile to a Security policy rule.
    A URL Access Management profile is only active when it’s included in a profile group that a Security policy rule references.
    Follow the steps to activate a URL Access Management profile (and any Security profile). Be sure to
    Push Config
    when you are done.


Recommended For You