Determine URL Filtering Policy Requirements
The recommended practice for deploying URL filtering in your organization is to first start with a passive URL filtering profile that will alert on most categories. After setting the alert action, you can then monitor user web activity for a few days to determine patterns in web traffic. After doing so, you can then make decisions on the websites and website categories that should be controlled.
In the procedure that follows, threat‑prone sites will be set to block and the other categories will be set to alert, which will cause all websites traffic to be logged. This may potentially create a large amount of log files, so it is best to do this for initial monitoring purposes to determine the types of websites your users are accessing. After determining the categories that your company approves of, those categories should then be set to allow, which will not generate logs. You can also reduce URL filtering logs by enabling the Log container page only option in the URL Filtering profile, so only the main page that matches the category will be logged, not subsequent pages/categories that may be loaded within the container page.
If you subscribe to third-party URL feeds and want to secure your users from emerging threats, see Use an External Dynamic List in a URL Filtering Profile.
a new URL Filtering profile.
- Select ObjectsSecurity ProfilesURL Filtering.
- Select the default profile and then click Clone. The new profile will be named default-1.
- Select the default-1 profile and rename it. For example, rename it to URL-Monitoring.
- Configure the action for all categories to alert,
except for threat‑prone categories, which should remain blocked.To select all items in the category list from a Windows system, click the first category, then hold down the shift key and click the last category—this will select all categories. Hold the control key (ctrl) down and click items that should be deselected. On a Mac, do the same using the shift and command keys. You could also just set all categories to alert and manually change the recommended categories back to block.
- In the section that lists all URL categories, select all categories.
- To the right of the Action column heading, mouse over and select the down arrow and then select Set Selected Actions and choose alert.
- To ensure that you block access to threat-prone sites, select the following categories and then set the action to block: abused-drugs, adult, gambling, hacking, malware. phishing, questionable, weapons.
- Click OK to save the profile.
- Apply the URL Filtering profile to the security policy
rule(s) that allows web traffic for users.
- Select PoliciesSecurity and select the appropriate security policy to modify it.
- Select the Actions tab and in the Profile Setting section, click the drop-down for URL Filtering and select the new profile.
- Click OK to save.
- Save the configuration.Click Commit.
- View the URL filtering logs to determine all of the website
categories that your users are accessing. In this example, some
categories are set to block, so those categories will also appear
in the logs.For information on viewing the logs and generating reports, see Monitor Web Activity.Select MonitorLogsURL Filtering. A log entry will be created for any website that exists in the URL filtering database that is in a category that is set to any action other than allow.
Configure URL Filtering
Configure URL Filtering After you Determine URL Filtering Policy Requirements , you should have a basic understanding of what types of websites and website categories ...
Objects > Security Profiles > URL Filtering
Objects > Security Profiles > URL Filtering You can use URL filtering profiles to control access to web content. What are you looking for? See: ...
URL Categories Each website defined in the URL filtering database is assigned a URL category. Here are a few ways to leverage URL categories: Block ...
URL Category as Policy Match Criteria
URL Category as Policy Match Criteria Use URL Categories as a match criteria in a policy rule for more granular enforcement. For example, suppose you ...
Control Access to Web Content
Control Access to Web Content URL Filtering provides visibility and control over web traffic on your network. With URL filtering enabled, the firewall can categorize ...
URL Filtering Profile Actions
URL Filtering Profile Actions The URL Filtering profile specifies web access and credential submission permissions for each URL category. By default, site access for all ...
URL Filtering Concepts
URL Filtering Concepts URL Categories URL Filtering Profile URL Filtering Profile Actions URL Category Exception Lists External Dynamic List for URLs Container Pages HTTP Header ...
Five-Minute Updates for PAN-DB Malware and Phishing URL Categories
Five-Minute Updates for PAN-DB Malware and Phishing URL Categories The Malware and Phishing URL categories in the PAN-DB cloud are now updated every five minutes ...
Use Case: Use URL Categories for Policy Matching
Use Case: Use URL Categories for Policy Matching You can also use URL categories as match criteria in the following policy types: Authentication, Decryption, Security, ...