URL Category as Policy Match Criteria
You can base policy enforcement on URL categories (both predefined and custom URL categories). For example, suppose you have configured Decryption, but you want to exclude traffic to certain types of websites (for example, healthcare or financial services) from being decrypted. In this case you could create a decryption policy rule that matches those categories and set the action to no-decrypt. By placing this rule above the rule to decrypt all traffic, you can ensure that web traffic with URL categories that match the no-decrypt rule, and all other traffic would match the subsequent rule.
The following table describes the policy types that accept URL category as match criteria:
To ensure that users authenticate before being allowed access to a specific category, you can attach a URL category as a match criterion for Authentication policy rules.
Decryption policies can use URL categories as match criteria to determine if specified websites should be decrypted or not. For example, if you have a decryption policy with the action decrypt for all traffic between two zones, there may be specific website categories, such as financial-services and/or health-and-medicine, that should not be decrypted. In this case, you would create a new decryption policy with the action of no‑decrypt that precedes the decrypt policy and then defines a list of URL categories as match criteria for the policy. By doing this, each URL category that is part of the no-decrypt policy will not be decrypted. You could also configure a custom URL category to define your own list of URLs that can then be used in the no-decrypt policy.
QoS policies can use URL categories to allocate throughput levels for specific website categories. For example, you may want to allow the streaming-media category, but limit throughput by adding the URL category as match criteria to the QoS policy.
In security policies you can use URL categories both as a match criteria in the Service/URL Category tab, and in URL filtering profiles that are attached in the Actions tab.
If for example, the IT-security group in your company needs access to the hacking category, while all other users are denied access to the category, you must create the following rules:
Use Case: Use URL Categories for Policy Matching
Use Case: Use URL Categories for Policy Matching You can also use URL categories as match criteria in the following policy types: Authentication, Decryption, Security, ...
Custom URL Categories
Custom URL Categories You can create a custom URL Filtering object to specify exceptions to URL category enforcement, and to create a custom URL category ...
URL Categories PAN-DB classifies websites based on site content, features, and safety. A URL can have up to four categories, including risk categories (high, medium, ...
Create a Policy-Based Decryption Exclusion
Exclude traffic that you choose not to decrypt for legal, privacy, or business reasons from decryption to comply with those policies while still applying SSL ...
Multi-Category URL Filtering
PAN-DB classifies URLs with multiple categories, so that you can granularly control web access and how users interact with online content. ...
URL Filtering Categories
URL Filtering Categories Select Objects Security Profiles URL Filtering Categories to control access to websites based on URL categories. Categories Settings Description Category Displays the ...
Create a Decryption Policy Rule
Decryption policy rules granularly define the traffic to decrypt or not to decrypt based on the source, destination, service (application port), and URL Category. ...
New Security-Focused URL Categories
Use the new security-focused URL categories to implement simple security and decryption policies based on website safety, without requiring you to research and individually assess ...
Decryption Service/URL Category Tab
Decryption Service/URL Category Tab Select the Service/URL Category tab to apply the decryption policy to traffic based on TCP port number or to any URL ...