Configure URL Filtering Inline ML
End-of-Life (EoL)


Learn how to enable and configure inline ML-based URL filtering for enhanced threat detection and prevention.
To enable your URL Filtering inline ML configuration, attach the URL Filtering profile configured with the inline ML settings to a Security policy rule (see Set Up a Basic Security Policy).
URL Filtering inline ML is not currently supported on the VM-50 or VM50L virtual appliance.
  1. To take advantage of URL Filtering inline ML, you must have an active Advanced URL Filtering or legacy URL Filtering subscription.
    Verify that you have a URL Filtering subscription. To verify subscriptions for which you have currently-active licenses, select Device > Licenses and verify that the appropriate licenses display and are not expired. The image below shows the license entry for the legacy URL Filtering subscription.
  2. Create a new or update your existing URL Filtering profiles to use URL Filtering inline ML.
    1. Select an existing URL Filtering Profile or Add a new one (Objects > Security Profiles > URL Filtering).
    2. Select Inline ML and define a policy Action for each URL Filtering inline ML model. This enforces the selected policy action on a per model basis. Currently, there are two classification engines available: Phishing and JavaScript Exploit, one for each type of malicious webpage content.
      • Block—When the firewall detects a website with phishing content, the firewall generates a URL Filtering log entry.
      • Alert—The firewall allows access to the website and generates a URL Filtering log entry.
      • Allow—The firewall allows access to the website but does not generate a URL Filtering log entry.
    3. Click OK to exit the URL Filtering Profile dialog, then Commit your changes.
  3. (Optional) Add URL exceptions to your URL Filtering profile if you encounter false-positives. You can add exceptions by specifying an external dynamic list from the URL Filtering profile or by adding a web page entry from the URL Filtering logs.
    • Add an external dynamic list of URL exceptions.
      1. Select Objects > Security Profiles > URL Filtering.
      2. Select a URL Filtering profile for which you want to exclude specific URLs, then select Inline ML.
      3. Add a pre-existing URL-based external dynamic list. If none is available, create a new external dynamic list.
      4. Click OK to save the URL Filtering profile and Commit your changes.
    • Add file exceptions from URL Filtering log entries.
      1. Select Monitor > Logs > URL Filtering and filter the logs for URL entries with an Inline ML Verdict of malicious-javascript or phishing. Select a URL Filtering log for a URL that you wish to create an exception for.
      2. Go to the Detailed Log View and scroll down to the Details pane, then select Create Exception located next to the Inline ML Verdict.
      3. Select a custom category for the URL exception and click OK.
      4. The new URL exception can be found in the list to which it was added, under Objects > Custom Objects > URL Category.
  4. (Optional) Verify the status of your firewall’s connectivity to the inline ML cloud service.
    Use the following CLI command on the firewall to view the connection status.
    show mlav cloud-status 
    For example:
    show mlav cloud-status
    
    MLAV cloud
    Current cloud server:          ml.service.paloaltonetworks.com
    Cloud connection:              connected
    If you are unable to connect to the inline ML cloud service, verify that the following domain is not being blocked: ml.service.paloaltonetworks.com.
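The connectivity check in step 4 can be automated against saved CLI output. The following is an added example, not Palo Alto Networks code: it assumes the output of show mlav cloud-status has already been captured to text, and the function names are hypothetical.

```python
import re

EXPECTED_SERVER = "ml.service.paloaltonetworks.com"  # domain named on this page

# Matches "Key:   value" lines such as "Cloud connection:   connected".
_FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?):\s+(\S.*?)\s*$")

def parse_cloud_status(text):
    """Return {lowercased field name: value} from captured CLI output."""
    fields = {}
    for line in text.splitlines():
        m = _FIELD.match(line)
        if m:
            fields[m.group(1).lower()] = m.group(2)
    return fields

def check_cloud_status(text):
    """Return a list of problems; an empty list means the check passed."""
    fields = parse_cloud_status(text)
    problems = []
    server = fields.get("current cloud server")
    state = fields.get("cloud connection")
    if server is None:
        problems.append("no 'Current cloud server' line in output")
    elif server.lower() != EXPECTED_SERVER:
        problems.append(f"unexpected cloud server: {server}")
    if state is None:
        problems.append("no 'Cloud connection' line in output")
    elif state.lower() != "connected":
        # Only "connected" appears on the page; any other value is treated as a failure.
        problems.append(f"cloud connection is '{state}', not 'connected'")
    return problems

# Output as shown on the page.
HEALTHY = """show mlav cloud-status

MLAV cloud
Current cloud server:          ml.service.paloaltonetworks.com
Cloud connection:              connected
"""

# Constructed sample: the state value is invented to exercise the failure path.
UNHEALTHY = HEALTHY.replace("connected", "not-connected-sample")

if __name__ == "__main__":
    for name, capture in (("healthy", HEALTHY), ("unhealthy", UNHEALTHY)):
        print(name, check_cloud_status(capture) or "OK")
```

An empty or truncated capture is reported as a failure rather than passing silently, which matters when the check runs unattended.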
To view information about web pages that have been processed using URL Filtering inline ML, Filter the logs (Monitor > Logs > URL Filtering) based on Inline ML Verdict. Web pages that have been determined to contain threats are categorized with verdicts of either phishing or malicious-javascript. For example: