Learn what distinguishes application signatures and URL
categories and how App-ID and URL filtering enable comprehensive
and granular policy creation.
The Palo Alto Networks URL filtering solution in combination
with App-ID provides
unprecedented protection against a full spectrum of cyber attacks,
legal, regulatory, productivity, and resource utilization risks.
While App-ID gives you control over what applications users can
access, URL filtering provides control over related web activity.
When combined with User-ID, you can enforce controls based on users
With today’s application landscape and the way many applications
use HTTP and HTTPS, you will need to use App-ID, URL filtering,
or both in order to define comprehensive web access policies. App-ID
signatures are granular and they allow you to identify shifts from
one web-based application to another; URL filtering allows you to
enforce actions based on a specific website or URL category. For
example, while you can use URL filtering to control access to Facebook
and/or LinkedIn, URL filtering cannot block the use of related applications
such as email, chat, or other any new applications that are introduced
after you implement policy. When combined with App-ID, you can control
the use of related applications because of the granular application
signatures that can identify each application and regulate access
to Facebook while blocking access to Facebook chat, when defined
You can also use URL categories
as match criteria in policies. URL categories enable you
to create exception-based rules and granular policy enforcement
capabilities. For example, you can create a security policy rule
that permits users in the IT-security group to access sites in the
malware category and place it above the rule that denies access
for all users.