URL Filtering Inline ML

URL Filtering inline ML prevents malicious content in real-time using machine learning on the firewall.
You can now prevent malicious variants of JavaScript exploits and phishing attacks embedded in webpages from entering your network using machine learning (ML) on the firewall dataplane. URL filtering inline ML dynamically analyzes and detects malicious contents by evaluating various webpage details to formulate a high probability classification of a file. This protection extends to currently unknown as well as future variants of threats that match characteristics that Palo Alto Networks identified as malicious.You configure the URL filtering inline ML models through your URL Filtering profile but this requires a PAN-DB URL Filtering license. Additionally, you can specify URL exceptions to exclude any false-positives you encounter, which enables you to create more granular rules in your profiles to support your specific security needs.
URL filtering inline ML is not supported on the VM-50 or VM50L virtual appliance.
  1. To take advantage of URL filtering inline ML, you must have an active PAN-DB URL Filtering subscription to analyze webpages for JavaScript and phishing threats.
    Verify that you have a URL Filtering subscription. To verify subscriptions for which you have currently-active licenses, select
    Device
    Licenses
    and verify that the appropriate licenses display and are not expired.
    threat-prevention-url-filtering-subscriptions.png
  2. Create a new or update your existing URL Filtering Security profiles to use URL Filtering inline ML.
    1. Select an existing
      URL Filtering Profile
      or
      Add
      a new one (
      Objects
      Security Profiles
      URL Filtering
      ).
    2. Select your URL Filtering profile and then go to
      Inline ML
      and define a policy
      Action
      for each URL Filtering model. There are two URL classification engines:
      Phishing
      and
      JavaScript Exploit
      , one for each type of malicious webpage content.
      • Block
        —The firewall blocks the website and the user will not be able to continue to the website. The firewall also generates a URL Filtering log entry.
      • Alert
        —The firewall allows access to the website but also generates a URL Filtering log entry.
      • Allow
        —The firewall allows access to the website does not generate a URL Filtering log entry.
        url-filtering-inline-ml-policy.png
    3. Click
      OK
      to exit the URL Filtering Profile configuration dialog and
      Commit
      your changes.
  3. (
    Optional
    ) Add URL exceptions to your URL Filtering Security profile if you encounter false-positives.
    1. Select
      Objects > Security Profiles > URL Filtering
      .
    2. Add
      or modify an existing URL Filtering profile from which you want to exclude specific URLs and then select
      Inline ML
      .
    3. Add
      a pre-existing URL-based external dynamic list. If none are available, create a new external dynamic list.
      dynamic-classification-url-filtering-exception.png
    4. Click
      OK
      to save the URL Filtering profile and
      Commit
      your changes.
  4. (Optional)
    See Configure URL Filtering Inline ML for information about testing your firewall’s connection to the inline ML cloud service and viewing related logs.

Recommended For You