Control Access to Web Content
URL Filtering provides visibility and control over web traffic on your network. With URL filtering enabled, the firewall can categorize web traffic into one or more URL categories. You can then create policies that specify whether to allow, block, or log (alert) traffic based on the category to which it belongs. Together with User-ID, you can also use URL Filtering to Prevent Credential Phishing based on URL category.
The following workflow shows how to enable PAN-DB for URL filtering, create security profiles, and attach them to Security policy rules to enforce a basic URL filtering policy.
- Confirm that you have a URL Filtering license.
- Obtain and install a URL Filtering license. See Activate Licenses and Subscriptions for details.
- Selectand verify that the URL Filtering license is valid.DeviceLicenses
- Download the seed database and activate the license.
- To download the seed database, clickDownloadnext toDownload Statusin the PAN-DB URL Filtering section of the Licenses page.
- Choose a region (APAC, Europe, Japan, Latin-America, North-America, or Russia) and then clickOKto start the download.
- After the download completes, clickActivate. The Active field now shows that PAN-DB is now active.
- SelectandObjectsSecurity ProfilesURL FilteringAddor modify a URL Filtering profile.
- SelectCategoriesto allow, alert, continue, or block access to. If you are not sure what sites or categories you want to control access to, consider setting the categories (except for those blocked by default) to alert. You can then use the visibility tools on the firewall, such as the ACC and App Scope, to determine which web categories to restrict to specific groups or to block entirely. See URL Filtering Profile Actions for details on the site access settings you can enforce for each URL category.
- SelectCategoriesto Prevent Credential Phishing based on URL category.
- SelectOverridesto Allow Password Access to Certain Sites.
- Enable Safe Search Enforcement to ensure that user search results are based on search engine safe search settings.
- Attach the URL filtering profile to a Security policy rule.
- Select a Security policy rule that allows web access to edit it and select theActionstab.
- In theProfile Settingslist, select theURL Filteringprofile you just created. (If you don’t see drop-downs for selecting profiles, set theProfile TypetoProfiles.)
- ClickOKto save the profile.
- Enable response pages in the management profile for each interface on which you are filtering web traffic.
- Selectand then select an interface profile to edit or clickNetworkNetwork ProfilesInterface MgmtAddto create a new profile.
- SelectResponse Pages, as well as any other management services required on the interface.
- ClickOKto save the interface management profile.
- Selectand select the interface to which to attach the profile.NetworkInterfaces
- On thetab, select the interface management profile you just created.AdvancedOther Info
- ClickOKto save the interface settings.
- Commit your changes.Committhe configuration.
- Test the URL filtering configuration.From an endpoint in a trusted zone, attempt to access sites in various categories and make sure you see the expected result based on the corresponding Site Access setting you selected:
- If you set Site Access toalertfor the category, check the URL Filtering log to make sure you see a log entry for the request.
- If you set Site Access tocontinuefor the category, verify that the URL Filtering Continue and Override Page response page displays.Continueto the site.
- If you set Site Access toblockfor the category, verify that the URL Filtering and Category Match Block Page response page displays:
Recommended For You
Recommended videos not found.