Palo Alto Networks Advanced URL Filtering subscription provides real-time URL analysis and malware prevention to generate a more accurate analysis of URLs than possible with traditional web database filtering techniques alone. This subscription service is available on firewalls operating PAN-OS 9.0 and later, with the installation of content release 8390-6607 and later.

Malicious URLs can be updated or introduced before URL filtering databases have an opportunity to analyze the content; this lag time gives attackers an open period from which they can launch precision attack campaigns. Advanced URL filtering compensates for the coverage gaps inherent in database solutions by providing real-time URL analysis per request. When a user visits a URL designated as risky, the firewall submits the URL to the advanced URL filtering service for machine learning analysis and searches PAN-DB for the site’s category (information for recently visited websites is cached for fast retrieval). The analysis data is used to generate a verdict that the firewall retrieves to enforce the web-access rules in your policy configuration. If there is a verdict mismatch while the data is being analyzed in the cloud, the more severe categorization takes precedence.

Advanced URL filtering is enabled in a URL Filtering profile and uses the same configuration settings. If you already have an operational URL filtering deployment, no additional configuration is necessary to take advantage of advanced URL filtering—all web requests designated as risky are automatically forwarded for analysis. URLs analyzed using advanced URL filtering are displayed in the logs with the category real-time-detection, in addition to the threat type.