: Set Up Site Access for URLs on Cloud NGFW for AWS
Focus
Focus

Set Up Site Access for URLs on Cloud NGFW for AWS

Table of Contents

Set Up Site Access for URLs on Cloud NGFW for AWS

A URL Filtering security profile protects against web-based threats, and allows you to tightly control which web resources your VPC workloads can access.
When traffic passes through your NGFW to reach a URL, the NGFW allows that traffic based on the action you set for the category that URL belongs to. The site access actions you can set are:
  • Alert—select alert to have visibility into sites that users are accessing. Traffic matching that category is allowed but a URL filtering log is generated to record when a user accesses a site in that category.
  • Allow—traffic destined for that category is allowed. Additionally, allowed traffic is not logged.
  • Block—denies access to traffic that matches that category and enables logging of blocked traffic.
To get the most out of URL filtering in your deployment, you should start by creating allow rules for the applications you rely on to do business. Then, review the URL categories that classify malicious and exploitive content—we recommend that you block these outright.
When deploying URL filtering for the first time, we recommend that you start with a basic setup that gives us visibility into web activity patterns while blocking confirmed malicious content. You can begin by blocking categories that are known to be malicious—malware, command and control, and phishing. For other categories, set them to alert to get visibility into the sites your users are accessing. Then you can decide what you want to allow, limit, and block.
Alerting on all web activity generates a large number of log files, so you might want to do this initially and then modify your site access actions to better suit your needs.
Complete the following steps to set site access for custom and pre-defined URL categories.
  1. Select Rulestacks and select a previously-created rulestack on which to configure URL filtering.
  2. Select Security ProfilesWeb-based Threat ProtectionURL Categories & FilteringEdit.
  3. Select category or categories from the displayed list.
  4. Set Site Access for the selected categories from the drop-down.
  5. Click Save.