Make sure Command-and-Control is recognized by PAN-DB URL Filtering

Created On 09/25/18 19:30 PM - Last Modified 06/12/23 16:14 PM


Resolution


As the following blog shows, a new PAN-DB URL category, command-and-control, will be released.
https://live.paloaltonetworks.com/t5/Community-Blog/Command-and-Control-C2/ba-p/179026

This article describes the steps to confirm, using the 'test url' command, that the command-and-control category is recognized by the PAN-DB URL Filtering feature.

 

Prerequisite

 

  • PAN-DB URL Filtering is enabled on the Palo Alto Networks firewall
  • Content Update 734 or later is installed on the Palo Alto Networks firewall

 After ensuring your firewall meets the prerequisites:

 

Step 1

Log in to your firewall management WebUI with the administrative account. The URL is http:// or https:// followed by the management IP of your firewall.

 

Step 2

Go to Device > Setup > Content-ID and make sure there is no value in PAN-DB Server.  If there is any value in PAN-DB Server, please delete it and commit the change.

 

 


 

Step 3

Log in to your firewall management CLI with the administrative account.

 

 

Run the following command to verify that the Command-and-Control category is properly recognized by the PAN-DB URL Filtering feature.

admin@myNGFW>test url urlfiltering.paloaltonetworks.com/test-command-and-control

urlfiltering.paloaltonetworks.com/test-command-and-control command-and-control (Base db) expires in 1800 seconds
urlfiltering.paloaltonetworks.com/test-command-and-control command-and-control (Cloud db) 
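
To run this check across several firewalls, the captured 'test url' output can be parsed. The following is an added example, not part of the original article or any Palo Alto Networks tooling; the function names are hypothetical, and requiring both the Base db and Cloud db lines to report the category is a choice made for this example.

```python
import re

# Line shape taken from the output shown in Step 3:
#   <url> <category> (<Base|Cloud> db) [expires in <n> seconds]
LINE_RE = re.compile(
    r"^(?P<url>\S+)\s+(?P<cats>.+?)\s+\((?P<db>Base|Cloud) db\)"
    r"(?:\s+expires in (?P<ttl>\d+) seconds)?\s*$"
)
TEST_URL = "urlfiltering.paloaltonetworks.com/test-command-and-control"
EXPECTED = "command-and-control"


def parse_test_url(output):
    """Return {db: {"categories": [...], "ttl": int or None}} for TEST_URL."""
    result = {}
    for raw in output.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m.group("url") != TEST_URL:
            continue  # prompt echo, blank lines, results for other URLs
        ttl = m.group("ttl")
        result[m.group("db")] = {
            # split() so a line carrying more than one token still parses
            # (assumption; the article shows a single category per line)
            "categories": m.group("cats").split(),
            "ttl": int(ttl) if ttl else None,
        }
    return result


def c2_recognized(output):
    """True only if both the Base db and Cloud db lines report the category."""
    parsed = parse_test_url(output)
    return all(
        EXPECTED in parsed.get(db, {}).get("categories", [])
        for db in ("Base", "Cloud")
    )


# Output copied from Step 3 of this article.
GOOD = """admin@myNGFW>test url urlfiltering.paloaltonetworks.com/test-command-and-control

urlfiltering.paloaltonetworks.com/test-command-and-control command-and-control (Base db) expires in 1800 seconds
urlfiltering.paloaltonetworks.com/test-command-and-control command-and-control (Cloud db)
"""
# Constructed sample (not real output): the Cloud db line reports another category.
BAD = GOOD.replace("command-and-control (Cloud", "unknown (Cloud")

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, "PASS" if c2_recognized(text) else "FAIL", parse_test_url(text))
```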

 


