>
    Allow Password Access to Certain Sites (Strata Cloud Manager)
    Focus
    Download PDF
    Focus
    1. Home
    2. Advanced URL Filtering
    3. URL Filtering Features
    4. Allow Password Access to Certain Sites
    5. Allow Password Access to Certain Sites (Strata Cloud Manager)
    Download PDF
    Advanced URL Filtering

    Cloud Managed

    Table of Contents

    Allow Password Access to Certain Sites (
    Strata Cloud Manager
    )

    If you’re using Panorama to manage
    Prisma Access
    :
    Toggle over to the
    PAN-OS & Panorama
     tab and follow the guidance there.
    If you’re using
    Strata Cloud Manager
    , continue here.
    1. Go to the URL Access Management dashboard.
      Select
      Manage
      Configuration
      Security Services
      URL Access Management
      .
    2. Select
      Settings
      .
    3. Create a URL admin override password.
      1. Go to URL Admin Overrides, and
        Add URL Admin Overrides
        .
      2. (
        Optional
        ) Select a
        Mode
         for prompting users for the password:
        • Transparent
          —The password prompt appears to originate from the original destination URL. The firewall intercepts the browser traffic destined for sites in a URL category set to override and issues an HTTP 302 to prompt for the password, which applies on a per-vsys level.
        • Redirect
          —The password prompt appears from an
          Address
           (IP address or DNS hostname) that you specify. The firewall intercepts HTTP or HTTPS traffic to a URL category set to override and uses an HTTP 302 redirect to send the request to a Layer 3 interface on the firewall.
      3. Enter a
        Password
        , then enter it again to
        Confirm Password
        .
      4. (
        Optional
        ) Select an
        SSL/TLS Service Profile
        .
        You can create and manage SSL/TLS service profiles by clicking
        Create New
         and
        Manage
        , respectively.
      5. Save
         your changes.
    4. (
      Optional
      ) Set the duration of override access and password lockouts.
      By default, users can access websites in categories for which they have successfully entered an override password for 15 minutes. After the default or custom interval passes, users must re-enter the password.
      By default, users are blocked for 30 minutes after three failed password attempts. After the user is locked out for the default or custom duration, they can try to access the websites again.
      1. Customize the General Settings.
      2. For
        URL Admin Override Timeout
        , enter a value (in minutes) from 1 to 86,400.
      3. For
        URL Admin Lockout Timeout
        , enter a value (in minutes) from 1 to 86,400.
      4. Save
         your changes.
    5. Specify the URL categories that require password access.
      1. On the URL Access Management dashboard, under the
        Access Control
         tab, go to URL Access Management Profiles and modify or
        Add Profile
        .
      2. Under Access Control, select the categories that require password access.
      3. With all the categories selected, click
        Set Access
         and then select
        Override
        .
        You should see that Site Access for the highlighted categories now say
        override
        .
      4. Save
         your changes.
    6. Apply the URL Access Management profile to a Security policy rule.
      A URL Access Management profile is only active when it’s included in a profile group that a Security policy rule references.
      Follow the steps to activate a URL Access Management profile (and any Security profile). Be sure to
      Push Config
       when you are done.

    Recommended For You

    © 2024 Palo Alto Networks, Inc. All rights reserved.