Control Access to Web Content
URL Filtering provides visibility and control over web traffic on your network. With URL filtering enabled, the firewall can categorize web traffic into one or more URL categories. You can then create policies that specify whether to allow, block, or log (alert) traffic based on the category to which it belongs. Together with User-ID, you can also use URL Filtering to Prevent Credential Phishing based on URL category.
The following workflow shows how to enable PAN-DB for URL filtering, create security profiles, and attach them to Security policy rules to enforce a basic URL filtering policy.
- Confirm that you have a URL Filtering license.
- Obtain and install a URL Filtering license. See Activate Licenses and Subscriptions for details.
- Select Device > Licenses and verify that the URL Filtering license is valid.
- Download the seed database and activate the license.
- To download the seed database, click Download next to Download Status in the PAN-DB URL Filtering section of the Licenses page.
- Choose a region (APAC, Europe, Japan, Latin-America, North-America, or Russia) and then click OK to start the download.
- After the download completes, click Activate. The Active field now shows that PAN-DB is active.
- Select Objects > Security Profiles > URL Filtering and Add or modify a URL Filtering profile.
- Select Categories to allow, alert, continue, or block access to. If you are not sure what sites or categories you want to control access to, consider setting the categories (except for those blocked by default) to alert. You can then use the visibility tools on the firewall, such as the ACC and App Scope, to determine which web categories to restrict to specific groups or to block entirely. See URL Filtering Profile Actions for details on the site access settings you can enforce for each URL category.
- Select Categories to Prevent Credential Phishing based on URL category.
- Select Overrides to Allow Password Access to Certain Sites.
- Enable Safe Search Enforcement to ensure that user search results are based on search engine safe search settings.
- Attach the URL filtering profile to a Security policy rule.
- Select a Security policy rule that allows web access to edit it and select the Actions tab.
- In the Profile Settings list, select the URL Filtering profile you just created. (If you don’t see drop-downs for selecting profiles, set the Profile Type to Profiles.)
- Click OK to save the profile.
- Enable response pages in the management profile for each interface on which you are filtering web traffic.
- Select Network > Network Profiles > Interface Mgmt and then select an interface profile to edit or click Add to create a new profile.
- Select Response Pages, as well as any other management services required on the interface.
- Click OK to save the interface management profile.
- Select Network > Interfaces and select the interface to which to attach the profile.
- On the Advanced > Other Info tab, select the interface management profile you just created.
- Click OK to save the interface settings.
- Commit your changes. Commit the configuration.
- Test the URL filtering configuration. From an endpoint in a trusted zone, attempt to access sites in various categories and make sure you see the expected result based on the corresponding Site Access setting you selected:
- If you set Site Access to alert for the category, check the URL Filtering log to make sure you see a log entry for the request.
- If you set Site Access to continue for the category, verify that the URL Filtering Continue and Override Page response page displays. Continue to the site.
- If you set Site Access to block for the category, verify that the URL Filtering and Category Match Block Page response page displays.
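
One way to audit the outcome of this workflow offline, as an added example that is not Palo Alto Networks code: it flags allow rules that have no valid URL Filtering profile attached and interface management profiles without response pages. The XML is a constructed, simplified fragment; its element names and the functions `audit` and `category_actions` are assumptions to adapt to a real configuration export.

```python
import xml.etree.ElementTree as ET

# Constructed, simplified sample. Element names are assumptions modelled on an
# exported configuration; verify them against your own export before use.
SAMPLE = """
<config>
  <url-filtering>
    <entry name="baseline-alert">
      <alert><member>social-networking</member><member>games</member></alert>
      <block><member>malware</member></block>
    </entry>
  </url-filtering>
  <rules>
    <entry name="web-out"><action>allow</action>
      <profile-setting><profiles><url-filtering><member>baseline-alert</member></url-filtering></profiles></profile-setting>
    </entry>
    <entry name="guest-web"><action>allow</action></entry>
    <entry name="deny-all"><action>deny</action></entry>
  </rules>
  <interface-management-profile>
    <entry name="trust-mgmt"><response-pages>yes</response-pages></entry>
    <entry name="dmz-mgmt"><ping>yes</ping></entry>
  </interface-management-profile>
</config>
"""

def audit(xml_text):
    """Return (finding, object name) pairs for gaps in the URL filtering setup."""
    root = ET.fromstring(xml_text)
    defined = {e.get("name") for e in root.findall(".//url-filtering/entry")}
    findings = []
    for rule in root.findall(".//rules/entry"):
        if rule.findtext("action") != "allow":
            continue  # only allow rules pass web traffic that needs a profile
        attached = [m.text for m in rule.findall("profile-setting/profiles/url-filtering/member")]
        if not attached or any(name not in defined for name in attached):
            findings.append(("rule-without-valid-url-profile", rule.get("name")))
    for prof in root.findall(".//interface-management-profile/entry"):
        if prof.findtext("response-pages") != "yes":
            findings.append(("no-response-pages", prof.get("name")))
    return findings

def category_actions(xml_text, profile):
    """Map each category in a profile to its action, to drive the test step."""
    entry = ET.fromstring(xml_text).find(f".//url-filtering/entry[@name='{profile}']")
    return {m.text: action.tag for action in entry for m in action.findall("member")}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The mapping returned by `category_actions` gives the expected result per category (log entry for alert, block page for block) when working through the test step from an endpoint.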