URL Filtering Categories
Select ObjectsSecurity ProfilesURL FilteringCategories to control access to websites based on URL categories.
Attach a URL Filtering profile to all Security policy rules that allow access to web-based applications to protect against URLs that have been observed to host malware or exploitive content.
In addition to the predefined categories, both custom URL categories and external dynamic lists of type URL are displayed under Category. By default, the Site Access and User Credential Submission permissions for all categories are set to Allow.
Block all known dangerous URL categories, including command-and-control, copyright-infringement, dynamic-dns, extremism, malware, phishing, proxy-avoidance-and-anonymizers, unknown, and parked to protect against exploit infiltration, malware download, command-and-control activity, and data exfiltration.
To phase in a block policy, set categories to continue and create a custom response page to educate users about your use policy and alert them that they are visiting a site that may pose a threat. After a suitable period of time, transition to a policy that blocks the potentially malicious sites.
For each URL category, select the action to take when a user attempts to access a URL in that category (Site Access):
The Continue pages will not be displayed properly on client machines that are configured to use a proxy server.
The Override pages will not be displayed properly on client machines that are configured to use a proxy server.
User Credential Submission
For each URL category, select the User Credential Submissions to allow or disallow users from submitting valid corporate credentials to a URL in that category. Before you can control user credential submissions based on URL category, you must enable credential submission detection (select the User Credential Detection tab).
URL categories with the Site Access set to block are automatically set to also block user credential submissions.
Check URL Category
Click to access the PAN-DB URL Filtering database, where you can enter a URL or IP address to view categorization information.
Dynamic URL Filtering
(Configurable for BrightCloud only)
Select to enable cloud lookup for categorizing the URL. This option is invoked if the local database is unable to categorize the URL.
If the URL is unresolved after a 5 second timeout window, the response is displayed as Not resolvedURL.
With PAN-DB, this option is enabled by default and is not configurable.
URL Filtering Profile Actions
URL Filtering Profile Actions The URL Filtering profile specifies web access and credential submission permissions for each URL category. By default, site access for all ...
Prevent Credential Phishing
Prevent Credential Phishing Phishing sites are sites that attackers disguise as legitimate websites with the aim to steal user information, especially the credentials that provide ...
URL Filtering Response Pages
URL Filtering Response Pages The firewall provides three predefined response pages that display by default when a user attempts to browse to a site in ...
Set Up Credential Phishing Prevention
Set Up Credential Phishing Prevention After you have decided which of the Methods to Check for Corporate Credential Submissions you want to use, take the ...
Configure URL Filtering
Configure URL Filtering After you Determine URL Filtering Policy Requirements , you should have a basic understanding of what types of websites and website categories ...
URL Categories Each website defined in the URL filtering database is assigned a URL category. Here are a few ways to leverage URL categories: Block ...
Device > Response Pages
Device > Response Pages Custom response pages are the web pages that display when a user tries to access a URL. You can provide a ...
User Credential Detection
User Credential Detection Select Objects Security Profiles URL Filtering User Credential Detection to enable the firewall to detect when users submit corporate credentials. Configure user ...
Control Access to Web Content
Control Access to Web Content URL Filtering provides visibility and control over web traffic on your network. With URL filtering enabled, the firewall can categorize ...