How to Block/Alert Category of a Website that is Embedded in a Google Translate URL

Overview

PAN-OS 6.0 contains a feature that automatically looks up the category of the original website, even when it is embedded or appended to the URL of the translation site. Some sites, such as https://translate.google.com/, are SSL-based. These sites require decryption on the URL Category translation to block the embedded sites. Below are the step-by-step instructions using https://translate.google.com as example.

Steps

1. Create the URL Filtering Profile.
   1. Create a URL filtering profile and set an action alert on the translation category in order to see which translation website is being used.
   2. Set an Action to alert or block certain categories. For this example adult and gambling will be blocked.
      
2. Create two security policies. a security policy to use URL Filtering profile.
   Create a security policy to allow the traffic but block the website based on URL filtering profile.
   
   
3. Create a decryption policy for the website that are SSL based.
   This document explains how to setup decryption: How to Implement SSL Decryption.

For this example only URL category translation is decrypted to block gambling when going to https://translate.google.com/.

Verification

Follow these steps to verify the setup is working.

1. Go to the website https://translate.google.com.
2. Translate website www.gambling.com in a different language.
   

Per the setup, www.gambling.com should be blocked. After translating, the blocked page will appear.

URL filtering logs should show 2 separate log entries for category translation and gambling.

owner: mbutt