You have installed a new URL Filtering or Advanced URL Filtering license and want to test whether URL filtering is working correctly.
You want to debug the security policy and need some test URLs to visit to verify that the URL filter and security policy are working correctly.
Environment
Any PAN-OS (Advanced URL Filtering only works with PAN-OS 9.0 and above)
Palo Alto Firewall.
URL Filtering.
Cause
How do I test whether our URL Filtering service properly enforces my organization’s policies for malicious and benign URLs? Palo Alto Networks provides these test URL pages whenever a new category is added.
Resolution
Testing is done on a per-category basis.
Benign categories: Visit a website in the category to see whether the designed policy is enforced and logged. These are harmless categories like webmail, sports, and shopping.
Non-benign (gray, malware, and phishing areas): For testing gray areas such as adult or restrictive sites, it is not advisable to visit the sites themselves. Palo Alto Networks has created test URLs for all categories. These test URLs are 100% benign and have been placed in their respective categories for testing purposes.
For example, for the command-and-control category, the URL is http://urlfiltering.paloaltonetworks.com/test-command-and-control . You will see the respective logs, and the "blocked-continue page" will be displayed if the policy is configured as block-continue for the command-and-control category.
As another example, for social networking you can visit https://urlfiltering.paloaltonetworks.com/test-social-networking, and if your policy allows access to this category, the page will be displayed. (Decryption is needed for HTTPS sites that have patterns like /test-social-networking.)
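The two checks above can be run as one script. The following is an added example, not Palo Alto Networks code. It assumes that the test URLs follow the /test-<category> pattern over plain HTTP (so no decryption is needed), that the string in RESPONSE_PAGE_MARKER appears in your firewall's block or continue response page, and that the expected outcomes in EXPECTED match your own policy; all three are assumptions to adjust.

```python
import urllib.error
import urllib.request

# Plain HTTP so the firewall sees the /test-<category> path without decryption.
BASE = "http://urlfiltering.paloaltonetworks.com/test-"
# Assumption: a string that appears in your firewall's block/continue response page.
RESPONSE_PAGE_MARKER = "Web Page Blocked"
# Hypothetical policy: what you expect for each category ("response-page" or "allowed").
EXPECTED = {"command-and-control": "response-page", "social-networking": "allowed"}


def classify(body):
    """Return 'response-page' if the firewall answered in place of the site."""
    return "response-page" if RESPONSE_PAGE_MARKER.lower() in body.lower() else "allowed"


def fetch(url, timeout=10):
    """Return (status, body); status is None if nothing usable came back."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read(65536).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:  # response pages may use a non-200 status
        return err.code, err.read(65536).decode("utf-8", "replace")
    except OSError:  # URLError, timeouts and resets all derive from OSError
        return None, ""


def check_policy(expected, fetcher=fetch):
    """Compare the observed outcome for each test URL with the expected one."""
    results = []
    for category, want in sorted(expected.items()):
        status, body = fetcher(BASE + category)
        got = "no-response" if status is None else classify(body)
        results.append((category, want, got, want == got))
    return results


if __name__ == "__main__":
    for category, want, got, ok in check_policy(EXPECTED):
        print(f"{'OK  ' if ok else 'FAIL'} {category}: expected {want}, observed {got}")
```

Run it from a client whose traffic passes through the firewall, then confirm each request against the URL Filtering logs, since the script only sees the response and not the category the firewall assigned.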
URLs can have four categories: Risk Level, Content, Function, and Security Assessment, as defined below with examples. We have test URLs for all of these cases.