>
    PAN-OS & Panorama
    Focus
    Download PDF
    Focus
    1. Home
    2. Advanced URL Filtering
    3. Configure URL Filtering
    4. Get Started with URL Filtering
    5. PAN-OS & Panorama
    Download PDF
    Advanced URL Filtering

    PAN-OS & Panorama

    Table of Contents

    PAN-OS & Panorama

    Follow these recommended practices for deploying Palo Alto Networks URL filtering solution.
    1. Use Test A Site to check how PAN-DB categorizes a specific website.
      You can also use the platform to request a categorization change for any website that you believe has been incorrectly categorized.
    2. Create a passive URL Filtering profile that
      alerts
       on all categories.
      1. Select
        Objects
        Security Profiles
        URL Filtering
        .
      2. Select the default profile, and then click
        Clone
        . The new profile will be named
        default-1
        .
      3. Select the
        default-1
         profile and rename it. For example, rename it to URL-Monitoring.
    3. Configure the action for all categories to
      alert
      , except for malware, command-and-control, and phishing, which should remain blocked.
      1. In the section that lists all URL categories, select all categories and then de-select malware, command-and-control, and phishing.
      2. To the right of the Action column heading, mouse over and select the down arrow and then select
        Set Selected Actions
         and choose
        alert
        .
      3. Block
         access to known dangerous URL categories.
        Block access to malware, phishing, dynamic-dns, unknown, command-and-control, extremism, copyright-infringement, proxy-avoidance-and-anonymizers, newly-registered-domain, grayware, and parked URL categories.
      4. Click
        OK
         to save the profile.
    4. Apply the URL Filtering profile to Security policy rules that allow traffic from clients in the trust zone to the Internet.
      Make sure the
      Source Zone
       in the Security policy rules you add URL Access Management profiles to is set to a protected internal network.
      1. Select
        Policies
        Security
        . Then, select a Security policy rule to modify.
      2. On the
        Actions
         tab, edit the Profile Setting.
      3. For
        Profile Type
        , select
        Profiles
        . A list of profiles appears.
      4. For
        URL Filtering
         profile, select the profile you just created.
      5. Click
        OK
         to save your changes.
    5. Commit
       the configuration.
    6. View the URL filtering logs to see all of the website categories that your users are accessing. The categories you’ve set to block are also logged.
      For information on viewing the logs and generating reports, see Monitoring Web Activity.
      Select
      Monitor
      Logs
      URL Filtering
      . A log entry will be created for any website that exists in the URL filtering database that is in a category set to any action other than
      allow
      . URL Filtering reports give you a view of web activity in a 24-hour period. (
      Monitor
      Reports
      ).
    7. Next Steps:
      • PAN-DB categorizes every URL with up to four categories, and every URL has a risk category (high, medium, and low). While high and medium-risk sites are not confirmed malicious, they are closely associated with malicious sites. For example, they might be on the same domain as malicious sites or maybe they hosted malicious content until only very recently. For everything that you do not allow or block, you can use risk categories to write simple policy rules based on website safety.
        You can take precautionary measures to limit your users’ interaction high-risk sites especially, as there might be some cases where you want to give your users access to sites that might also present safety concerns (for example, you might want to allow your developers to use developer blogs for research, yet blogs are a category known to commonly host malware).
      • Pair URL filtering with User-ID to control web access based on organization or department and to block corporate credential submissions to unsanctioned sites:
        • URL filtering prevents credential theft by detecting corporate credential submissions to sites based on the site category. Block users from submitting credentials to malicious and untrusted sites, warn users against entering corporate credentials on unknown sites or reusing corporate credentials on non-corporate sites, and explicitly allow users to submit credentials to corporate sites.
        • Add or update a Security policy rule with the passive URL Filtering profile so that it applies to a department user group, for example, Marketing or Engineering (
          Policies
          Security
          User
          ). Monitor the department activity, and get feedback from department members to understand the web resources that are essential to the work they do.
      • Consider all the ways of leveraging URL filtering to reduce your attack surface. For example, a school may use URL filtering to enforce strict safe search for students. Or, if you have a security operations center, you might give only threat analysts password access to compromised or dangerous sites for research.

    Recommended For You

    © 2024 Palo Alto Networks, Inc. All rights reserved.