40-URL+Filtering+Profile

Uploaded by

nishantmann1008

URL Filtering Profile:

o URL filtering blocks outbound communication to known malicious URLs.
o It reduces the risk of infection from dangerous websites and protects users.
o On the PA firewall, URL filtering classifies and controls web browsing based on content.
o URL filtering automatically prevents attacks that use the web as an attack vector.
o These include phishing links in emails, phishing sites, and HTTP-based command and control.
o The attacks URL filtering prevents also include malicious sites and pages that carry exploit kits.
o The Palo Alto Networks URL filtering solution supports both BrightCloud and PAN-DB.
o URL filtering enables safe web access, protecting users from dangerous websites.
o PAN-DB is the Palo Alto Networks URL and IP database, designed to fulfill an enterprise's web security needs.
o URL filtering protects users from malware sites, credential-phishing pages and threats.
o For URL filtering to work, the application must be allowed in a PA firewall Security Policy rule.
o One predefined, read-only profile named default is already included.
o It can be cloned to make a custom profile, or a new profile can be built from scratch.
o A custom profile can be created based on your company's internal security policies.
o URL filtering should be customized to meet the unique needs of your organization.
o A URL filtering profile can be configured to take a specific action for each category.
o Allow lists and block lists can be used to add sites you don't want the users to access.
o The user's name is displayed on the page if User-ID is enabled; otherwise the IP address is displayed.
o If Continue or Override is used, a 15-minute timer is set to allow access to that category.
o Transparent mode can be used to make block pages appear to originate from the blocked website.
o Redirect sends the request to a specified IP; this IP must be an L3 interface on the firewall.

Go to Dashboard > General Information to check the URL Filtering version.

1 | P a g e Created by Ahmad Ali E-Mail: [email protected] , Mobile: 056 430 3717


Check that a valid license for either PAN-DB or BrightCloud URL Filtering is installed.

To create custom URL Filtering profiles, select Objects > Security Profiles > URL Filtering and add a
new profile, or use the already created predefined profile (Default).

To create a new profile or clone the default URL Filtering profile, type the name of the profile (in
our case URL-Profile) and, in front of every category, select a specific action for that category
based on your company's internal security policies.



| Categories Settings | Description |
|---|---|
| Category | Predefined categories, both custom URL categories and external dynamic lists of type URL are displayed under Category. |
| Site Access | For each URL category, select the action to take when a user attempts to access a URL in that category. |
| User Credential Submission | For each URL category, select the User Credential Submissions to allow or disallow users from submitting valid corporate credentials to a URL in that category. |
| Check URL Category | Click to access the PAN-DB URL Filtering database, where you can enter a URL or IP address to view categorization information. |

Site Access Column:


| Action | Description |
|---|---|
| Alert | Allows access to the web site but adds an alert to the URL log each time a user accesses the URL. |
| Allow | Allows access to the web site but doesn't log traffic. |
| Block | Blocks access to the web site. |
| Continue | Displays a page that warns users against continuing to access the page. |
| Override | Displays a response page that prompts the user to enter a valid password in order to gain access to the site. |



URL Filtering Profile Overrides Tab.

| Settings | Description |
|---|---|
| Allow List | Exclude specific websites from URL category enforcement in order to enforce that website separately from the associated URL category. Add sites you want to always allow to the Allow List. |
| Block List | Add sites to the Block List that you block, alert on, password protect, or warn users against accessing. |
| Action | Select the action to take when a web site in the block list is accessed. |

Block List Action:


| Action | Description |
|---|---|
| Alert | Allow the user to access the web site but add an alert to the URL log. |
| Block | Block access to the web site. |
| Continue | Allow the user to access the blocked page by clicking Continue on the block page. |
| Override | Allow the user to access the blocked page after entering a password. |



| URL Filtering Settings | Descriptions |
|---|---|
| Log container page only | Select this option to log only the URLs that match the content type that is specified. Default: Enabled |
| Safe Search Enforcement | Select this option to enforce strict safe search filtering. |
| HTTP Header Logging | Enabling HTTP Header Logging provides visibility into the attributes included in the HTTP request sent to a server. User-Agent: web browser that the user used to access the URL. Referer: URL of the web page that linked the user to another web page. X-Forwarded-For: the header field option that preserves the IP address of the user who requested the web page. |

Select Objects > Security Profiles > URL Filtering > User Credential Detection to enable the
firewall to detect when users submit corporate credentials.

| Settings | Description |
|---|---|
| IP User | This credential detection method checks for valid username submissions. |
| Group Mapping | The firewall determines if the username a user submits to a restricted site matches any valid corporate username. |
| Domain Credential | This credential detection method enables the firewall to check for a valid corporate username and the associated password. |

Let's modify the URL Filtering profile. Go to Objects > Security Profiles > URL Filtering and click
the custom URL profile named URL-Profile. On the Categories tab, type social in the search box and
press Enter or click the arrow to search for Social-networking. In Site Access, change the action to
block. Click OK and commit the changes.



Apply the URL Filtering profile to the Security Policy rule (Inside-to-Outside). Commit the changes
by clicking Commit in the top right corner to save the configuration.

Network > Network Profiles > Interface-Mgmt


Create an interface management profile with response pages enabled, or enable response pages
on the already created ping interface management profile.



Verification:

From any inside PC, access any social-networking website such as Linkedin.com, twitter.com
or instagram.com; it will show the Web Page Blocked page.

Go to Monitor > Logs > URL Filtering to see the URL logs.



To check the URL Filtering logs from the command line, type the command:
admin@PA-VM> show log url

Let's override the URL Filtering rules: allow facebook.com and block google.com. Commit.



Let's override the URL category rules for Social-networking and commit the changes.

From any inside PC, access any social-networking website such as Linkedin.com, twitter.com
or instagram.com; it will show the Web Page Blocked page and ask for the password to continue.

Go to Device > Setup > Content-ID and, in the URL settings for URL Admin Override, click Add and
specify the settings that apply when a URL filtering profile blocks a page and the Override action
is specified.
Password/Confirm Password: Enter the password that the user must enter to override the
block page.



SSL/TLS Service Profile—To specify a certificate and the allowed TLS protocol versions for
securing communications when redirecting through the specified server, select an SSL/TLS
Service profile.
Mode—Determines whether the block page is delivered transparently (it appears to originate
at the blocked website) or redirects the user to the specified server. If you choose Redirect,
enter the IP address for redirection.

Test URL Category:

To test a URL category from the CLI, type test url followed by the website whose category you want to check.
admin@PA-VM> test url facebook.com
facebook.com social-networking (Base db) expires in 1800 seconds
facebook.com social-networking (Cloud db)

Or visit this Palo Alto Networks URL to find out the category of any website, for example youtube.com:
https://urlfiltering.paloaltonetworks.com/query/
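
The check above can be scripted. This Python script is an added example, not part of the original document or Palo Alto Networks code: it parses captured test url output in the format shown above and predicts which action URL-Profile should apply, flagging URLs where the Base db and Cloud db categories disagree. The policy values, the sample lines after the facebook.com ones, the evaluation order (block list, then allow list, then category) and the preference for the Cloud db result are assumptions of the example.

```python
import re

# Intended policy, mirroring the page's URL-Profile (values are illustrative).
CATEGORY_ACTION = {"social-networking": "block"}  # Categories tab, Site Access
ALLOW_LIST = {"facebook.com"}                     # Overrides tab
BLOCK_LIST = {"google.com": "block"}              # Overrides tab + Block List action
DEFAULT_ACTION = "allow"  # assumption: categories not listed above are allowed

# "<url> <category> (Base db|Cloud db) [expires in N seconds]", as in the page's output
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+\((Base|Cloud) db\)(?:\s+expires in \d+ seconds)?$")

# Constructed sample: the first two lines are the page's output, the rest are made up.
SAMPLE = """\
facebook.com social-networking (Base db) expires in 1800 seconds
facebook.com social-networking (Cloud db)
linkedin.com social-networking (Cloud db)
google.com search-engines (Cloud db)
example.org unknown (Base db) expires in 600 seconds
example.org social-networking (Cloud db)
"""

def parse_test_url(output):
    """Return {url: {"Base": category, "Cloud": category}} from `test url` output."""
    seen = {}
    for line in output.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            url, category, db = m.groups()
            seen.setdefault(url.lower(), {})[db] = category
    return seen

def expected_action(url, cats):
    """Assumed evaluation order: block list, then allow list, then category action."""
    if url in BLOCK_LIST:
        return BLOCK_LIST[url], "block list"
    if url in ALLOW_LIST:
        return "allow", "allow list"
    category = cats.get("Cloud") or cats.get("Base")  # assumption: prefer cloud result
    return CATEGORY_ACTION.get(category, DEFAULT_ACTION), "category " + category

def audit(output):
    """Map url -> (action, reason, base_and_cloud_disagree)."""
    report = {}
    for url, cats in parse_test_url(output).items():
        action, reason = expected_action(url, cats)
        report[url] = (action, reason, len(set(cats.values())) > 1)
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A URL whose third field is True has a stale or conflicting categorization and is worth re-testing before relying on the category action.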
