The advanced URL filtering subscription is a real-time
cloud-based web security engine that protects against advanced web-based
Palo Alto Networks now offers a new subscription
service that works in conjunction with your existing PAN-DB URL
filtering solution to provide real time URL analysis and malware prevention
to generate a more accurate analysis of URLs than possible with
traditional web database filtering techniques alone. This subscription
service is available on firewalls operating PAN-OS 9.0 and later,
with the installation of content release 8390-6607 and later.
URLs can be updated or introduced before URL filtering databases
have an opportunity to analyze the content; this lag time gives
attackers an open period from which they can launch precision attack
campaigns. Advanced URL filtering compensates for the coverage gaps
inherent in database solutions by providing real time URL analysis
on a per request basis. When a user visits a URL designated as risky,
the firewall submits the URL to the advanced URL filtering service
for analysis using machine learning and queries PAN-DB for the site’s
category (information for recently visited websites are cached for
fast retrieval). The analysis data is used to generate a verdict
that the firewall retrieves to enforce the web-access rules based
on your policy configuration. If there is a verdict mismatch while
the data is being analyzed in the cloud, the more severe categorization
Advanced URL filtering is enabled through
the URL filtering profile and uses the same configuration settings.
If you already have an operational URL filtering deployment, no
additional configuration is necessary to take advantage of advanced
URL filtering—all web requests designated as risky are automatically
forwarded for analysis. URLs analyzed using advanced URL filtering
are displayed in the logs using the category real-time-detection,
in addition to the threat type.
The advanced URL filtering
subscription is an optional service that is used in conjunction
with PAN-DB. Please contact your Palo Alto Networks sales representative
for more information.
The Advanced URL Filtering security
subscription is not available on CN-Series firewalls.