Access to Web Content
URL Filtering provides visibility and control over web traffic on your network. With URL filtering enabled, the firewall can categorize web traffic into one or more (from approximately 60) categories. You can then create policies that specify whether to allow, block, or log (alert) traffic based on the category to which it belongs. The following workflow shows how to enable PAN-DB for URL filtering, create security profiles, and attach them to security policies to enforce a basic URL filtering policy.
- Confirm license information for URL Filtering.
- Obtain and install a URL Filtering license. See Activate Licenses and Subscriptions for details.
- Selectand verify that the URL Filtering license is valid.DeviceLicenses
- Download the seed database and activate the license.
- To download the seed database, clickDownloadnext toDownload Statusin the PAN-DB URL Filtering section of the Licenses page.
- Choose a region (North America, Europe, APAC, Japan) and then clickOKto start the download.
- After the download completes, clickActivate.
- Create a URL filtering profile.Because the default URL filtering profile blocks risky and threat-prone content, clone this profile when creating a new profile in order to preserve the default settings.
- Select.ObjectsSecurity ProfilesURL Filtering
- Select the default profile and then clickClone. The new profile will be named default-1.
- Select the new profile and rename it.
- Define how to control access to web content.If you are not sure what traffic you want to control, consider setting the categories (except for those blocked by default) to alert. You can then use the visibility tools on the firewall, such as the ACC and App Scope, to determine which web categories to restrict to specific groups or to block entirely. You can then go back and modify the profile to block and allow categories as desired.You can also define specific sites to always allow or always block regardless of category and enable the safe search option to filter search results when defining the URL Filtering profile.
- For each category that you want visibility into or control over, select a value from theActioncolumn as follows:
- If you do not care about traffic to a particular category (that is you neither want to block it nor log it), selectallow.
- For visibility into traffic to sites in a category, selectalert.
- To present a response page to users attempting to access a particular category to alert them to the fact that the content they are accessing might not be work appropriate, selectcontinue.
- To prevent access to traffic that matches the associated policy, selectblock(this also generates a log entry).
- ClickOKto save the URL filtering profile.
- Attach the URL filtering profile to a security policy.
- Select the desired policy to modify it and then click theActionstab.
- If this is the first time you are defining a security profile, selectProfilesfrom theProfile Typedrop-down.
- In theProfile Settingslist, select the profile you just created from theURL Filteringdrop-down. (If you don’t see drop-downs for selecting profiles, selectProfilesfrom theProfile Typedrop-down.)
- ClickOKto save the profile.
- Committhe configuration.
- Enable response pages in the management profile for each interface on which you are filtering web traffic.
- Selectand then select an interface profile to edit or clickNetworkNetwork ProfilesInterface MgmtAddto create a new profile.
- SelectResponse Pages, as well as any other management services required on the interface.
- ClickOKto save the interface management profile.
- Selectand select the interface to which to attach the profile.NetworkInterfaces
- On thetab, select the interface management profile you just created.AdvancedOther Info
- ClickOKto save the interface settings.
- Save the configuration.ClickCommit.
- Test the URL filtering configuration.Access a client PC in the trust zone of the firewall and attempt to access a site in a blocked category. Make sure URL filtering is applied based on the action you defined in the URL filtering profile:
- If you selectedalertas the action, check the data filtering log to make sure you see a log entry for the request.
- If you selected thecontinueaction, the URL Filtering Continue and Override Page response page should display.Continueto the site.
- If you selectedblockas the action, the URL Filtering and Category Match Block Page response page should display as follows:
Recommended For You
Recommended videos not found.