Decide How You Want to Enforce URL Categories
To first deploy URL filtering in your network, we recommend that you start with a basic setup that’ll give you visibility into web activity patterns while blocking confirmed malicious content:
- Start with a (mostly) passive URL Filtering profile that alerts on most categories. This gives you visibility into the sites your users are accessing, so you can decide what you want allow, limit, and block.
- Block URL categories that we know are bad: malware, C2, and phishing.
- Block or strongly limit access to high-risk content. While high-risk sites are not confirmed malicious, they are closely associated with malicious sites. For example, they might be on the same domain as malicious sites or maybe they hosted malicious content until only very recently.
Because alerting on all web activity might create a large amount of log files, it’s a good idea to do this only when you’re initially deploying URL Filtering. After determining the categories you want to sanction, you can set those categories to allow, which will not generate logs.
At that time, you can also reduce URL filtering logs by enabling the
Log container page onlyoption in the URL Filtering profile so only the main page that matches the category will be logged, not subsequent pages/categories that may be loaded within the container page.
- Create a new URL Filtering profile.
- SelectObjectsSecurity ProfilesURL Filtering.
- Select the default profile and then clickClone. The new profile will be nameddefault-1.
- Select thedefault-1profile and rename it. For example, rename it to URL-Monitoring.
- Configure the action for all categories toalert, except for malware, command-and-control, and phishing, which should remain blocked.
- In the section that lists all URL categories, select all categories.
- To the right of theActioncolumn heading, mouse over and select the down arrow and then selectSet Selected Actionsand choosealert.
- Blockaccess to sites that we know are dangerous: malware, command-and-control, and phishing.The complete list of URL categories that we recommend you block as a best practice are: malware, command-and-control, phishing, dynamic-dns, unknown, copyright-infringement, extremism, proxy-avoidance-and-anonymizers, parked, and high-risk.
- If you’re hesitant to block high-risk content outright, you can take precautionary measures to limit your users’ interaction with it. This applies to any category that might present safety concerns, but to which you still want to grant your users access (for example, you might want to allow your developers to use developer blogs for research, yet blogs are a category known to commonly host malware).
- ClickOKto save the profile.
- Apply the URL Filtering profile to the security policy rule(s) that allows web traffic for users.
- Selectand select the appropriate security policy to modify it.PoliciesSecurity
- Select theActionstab and in theProfile Settingsection, click the drop-down forURL Filteringand select the new profile.
- ClickOKto save.
- Save the configuration.ClickCommit.
- View the URL filtering logs to determine all of the website categories that your users are accessing. The categories you’ve set to block are also logged.For information on viewing the logs and generating reports, see Monitor Web Activity.Select. A log entry will be created for any website that exists in the URL filtering database that is in a category set to any action other thanMonitorLogsURL Filteringallow.
URL Categories PAN-DB classifies websites based on site content, features, and safety. A URL can have up to four categories, including risk categories (high, medium, ...
Transition URL Filtering Profiles Safely to Best Practices
Apply URL Filtering profiles to allow rules to protect against risky websites and content without risking application availability. ...
New Security-Focused URL Categories
Use the new security-focused URL categories to implement simple security and decryption policies based on website safety, without requiring you to research and individually assess ...
Multi-Category URL Filtering
PAN-DB classifies URLs with multiple categories, so that you can granularly control web access and how users interact with online content. ...
URL Filtering Profile Actions
URL Filtering Profile Actions The URL Filtering profile specifies web access and credential submission permissions for each URL category. By default, site access for all ...
Policy Actions You Can Take Based On URL Categories
Policy Actions You Can Take Based on URL Categories On the firewall, you can use a URL Filtering profile to specify how you would like ...
URL Filtering Categories
URL Filtering Categories Select Objects Security Profiles URL Filtering Categories to control access to websites based on URL categories. Categories Settings Description Category Displays the ...
Create Best Practice Security Profiles for the Internet Gat...
Use these File Blocking settings as a best practice at your internet gateway. ...
URL Filtering Logs
URL Filtering Logs URL Filtering logs display entries for traffic that matches the URL Filtering profile attached to a security policy rule. For example, the ...