1. Home
    2. PAN-OS
    3. PAN-OS ® New Features Guide
    4. URL Filtering Features
    5. URL Filtering Inline ML

    URL Filtering Inline ML

    URL Filtering inline ML prevents malicious content in real-time using machine learning on the firewall.
    You can now prevent malicious variants of JavaScript exploits and phishing attacks embedded in webpages from entering your network using machine learning (ML) on the firewall dataplane. URL filtering inline ML dynamically analyzes and detects malicious contents by evaluating various webpage details to formulate a high probability classification of a file. This protection extends to currently unknown as well as future variants of threats that match characteristics that Palo Alto Networks identified as malicious.You configure the URL filtering inline ML models through your URL Filtering profile but this requires a PAN-DB URL Filtering license. Additionally, you can specify URL exceptions to exclude any false-positives you encounter, which enables you to create more granular rules in your profiles to support your specific security needs.
    URL filtering inline ML is not supported on the VM-50 or VM50L virtual appliance.
    1. To take advantage of URL filtering inline ML, you must have an active PAN-DB URL Filtering subscription to analyze webpages for JavaScript and phishing threats.
      Verify that you have a URL Filtering subscription. To verify subscriptions for which you have currently-active licenses, select
      Device
      Licenses
       and verify that the appropriate licenses display and are not expired.
    2. Create a new or update your existing URL Filtering Security profiles to use URL Filtering inline ML.
      1. Select an existing
        URL Filtering Profile
         or
        Add
         a new one (
        Objects
        Security Profiles
        URL Filtering
        ).
      2. Select your URL Filtering profile and then go to
        Inline ML
         and define a policy
        Action
         for each URL Filtering model. There are two URL classification engines:
        Phishing
         and
        JavaScript Exploit
        , one for each type of malicious webpage content.
        • Block
          —The firewall blocks the website and the user will not be able to continue to the website. The firewall also generates a URL Filtering log entry.
        • Alert
          —The firewall allows access to the website but also generates a URL Filtering log entry.
        • Allow
          —The firewall allows access to the website does not generate a URL Filtering log entry.
      3. Click
        OK
         to exit the URL Filtering Profile configuration dialog and
        Commit
         your changes.
    3. (
      Optional
      ) Add URL exceptions to your URL Filtering Security profile if you encounter false-positives.
      1. Select
        Objects > Security Profiles > URL Filtering
        .
      2. Add
         or modify an existing URL Filtering profile from which you want to exclude specific URLs and then select
        Inline ML
        .
      3. Add
         a pre-existing URL-based external dynamic list. If none are available, create a new external dynamic list.
      4. Click
        OK
         to save the URL Filtering profile and
        Commit
         your changes.
    4. (Optional)
       See Configure URL Filtering Inline ML for information about testing your firewall’s connection to the inline ML cloud service and viewing related logs.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2022 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo