Difference Between Block-Continue and Continue in URL Filtering Logs
69406
Created On 09/25/18 17:59 PM - Last Modified 04/10/25 08:25 AM
Resolution
Block-continue appears in the logs for the first URL that matches a category where the policy requires the user to click the continue button after being presented with the warning page.
After the user has clicked continue for a category, the logs for that category will show "continue" for the rest of the requests up until the point where the timeout has been reached. When the timeout is reached, the user will be presented with a new warning page and must click Continue again to proceed.
This timeout is configured on the Device > Setup > Content-ID tab.
owner: mbutt
Additional Information
- The block-continue/response page will face a limitation if you have the below setting enabled:
- Under Device> Setup> Session> SSL Decrypt Setting
- Send handshake messages to CTD for inspection is enabled
- This limitation is fixed on current latest releases PAN-268002 and you should see a response page instead of RST.
- From URL filtering it will show the action as block-continue:
But on the user side:
Global counters:
admin@PA-11-1> show counter global filter packet-filter yes delta yes
Global counters:
Elapsed time since last sampling: 6.187 seconds
name value rate severity category aspect description
--------------------------------------------------------------------------------
.....
session_discard 4 0 info session resource Session set to discard by security policy check
flow_action_close 4 0 drop flow pktproc TCP sessions closed via injecting RST
....
ctd_url_block_cont 4 0 info ctd pktproc sessions prompted with block/cont for url filtering <<<< block-continue action
.....
ssl_handshake_blocked 4 0 info ssl pktproc Number of sessions blocked based on SSL handshake <<<<<< send handshake to CTD blocked
--------------------------------------------------------------------------------