>
    Cloud Managed
    Focus
    Download PDF
    Focus
    1. Home
    2. Advanced URL Filtering
    3. Configure URL Filtering
    4. Get Started with URL Filtering
    5. Cloud Managed
    Download PDF
    Advanced URL Filtering

    Cloud Managed

    Table of Contents

    Cloud Managed

    If you’re using Panorama to manage
    Prisma Access
    :
    Toggle over to the
    PAN-OS & Panorama
     tab and follow the guidance there.
    If you’re using
    Strata Cloud Manager
    , continue here.
    1. Use Test A Site to check how PAN-DB categorizes a specific website.
      You can also use the platform to request a categorization change for any website that you believe has been incorrectly categorized.
    2. Create a passive URL Access Management profile that
      alerts
       on all categories.
      The firewall generates a URL filtering log entry for websites in URL categories with an action other than
      allow
      .
      1. Select
        Manage
        Configuration
        Security Services
        URL Access Management
        .
      2. Under URL Access Management Profiles, select the checkbox next to the best-practices profile and then
        Clone
         the profile.
        The cloned profile appears under the profiles with the name
        best-practices-1
        .
      3. Select the
        best-practices-1
         profile and rename it. For example, rename it to
        url-monitoring
        .
    3. Alert
       on all categories except malware, command-and-control, and phishing, which should remain blocked.
      1. Under
        Access Control
        , select all categories, then de-select
        malware
        ,
        command-and-control
        , and
        phishing
        .
      2. With the categories still highlighted, click
        Set Access
         and choose
        Alert
        .
      3. Block
         access to
        malware
        ,
        command-and-control
        , and
        phishing
         other known dangerous URL categries:
        • phishing
        • dynamic-dns
        • unknown
        • extremism
        • copyright-infringement
        • proxy-avoidance-and-anonymizers
        • newly-registered-domain
        • grayware
        • parked
      4. Save
         the profile.
    4. Apply the URL Access Management profile to Security policy rules that allow traffic from clients in the trust zone to the Internet.
      A URL Access Management profile is only active when it’s included in a profile group that a Security policy rule references.
      Follow the steps to activate a URL Access Management profile (and any Security profile).
      Make sure the
      Source Zone
       in the Security policy rules you add URL Access Management profiles to is set to a protected internal network.
    5. Push Config
       to commit the configuration.
    6. View the URL logs to see which website categories your users are accessing. The categories you’ve set to block are also logged.
      For information on viewing the logs and generating reports, see Monitoring Web Activity.
      Select
      Activity
      Log Viewer
      URL
      . URL Filtering reports give you a view of web activity in a 24-hour period.
    7. Next Steps:
      • For everything that you do not allow or block, use risk categories to write simple policy based on website safety. PAN-DB categorizes every URL with a risk-level (high, medium, and low). While high and medium-risk sites are not confirmed malicious, they are closely associated with malicious sites. For example, they might be on the same domain as malicious sites or maybe they hosted malicious content until only very recently.
        You can take precautionary measures to limit your users’ interaction high-risk sites especially, as there might be some cases where you want to give your users access to sites that might also present safety concerns (for example, you might want to allow your developers to use developer blogs for research, yet blogs are a category known to commonly host malware).
      • Pair URL filtering with User-ID to control web access based on organization or department and to block corporate credential submissions to unsanctioned sites:
        • URL filtering prevents credential theft by detecting corporate credential submissions to sites based on the site category. Block users from submitting credentials to malicious and untrusted sites, warn users against entering corporate credentials on unknown sites or reusing corporate credentials on non-corporate sites, and explicitly allow users to submit credentials to corporate sites.
        • Add or update a Security policy rule with the passive URL Access Management profile so that it applies to a department user group, for example, Marketing or Engineering. Monitor the department activity, and get feedback from department members to understand the web resources that are essential to the work they do.
      • Consider all the ways of leveraging URL filtering to reduce your attack surface. For example, a school may use URL filtering to enforce strict safe search for students. Or, if you have a security operations center, you might give only threat analysts password access to compromised or dangerous sites for research.

    Recommended For You

    © 2024 Palo Alto Networks, Inc. All rights reserved.