How to Block/Alert Category of a Website that is Embedded in a Google Translate URL
Resolution
Overview
PAN-OS 6.0 contains a feature that automatically looks up the category of the original website, even when it is embedded or appended to the URL of the translation site. Some sites, such as https://translate.google.com/, are SSL-based. These sites require decryption on the URL Category translation to block the embedded sites. Below are the step-by-step instructions using https://translate.google.com as example.
Steps
- Create the URL Filtering Profile.
- Create a URL filtering profile and set an action alert on the translation category in order to see which translation website is being used.
- Set an Action to alert or block certain categories. For this example adult and gambling will be blocked.
- Create two security policies. a security policy to use URL Filtering profile.
Create a security policy to allow the traffic but block the website based on URL filtering profile. - Create a decryption policy for the website that are SSL based.
This document explains how to setup decryption: How to Implement SSL Decryption.
For this example only URL category translation is decrypted to block gambling when going to https://translate.google.com/.
Verification
Follow these steps to verify the setup is working.
- Go to the website https://translate.google.com.
- Translate website www.gambling.com in a different language.
Per the setup, www.gambling.com should be blocked. After translating, the blocked page will appear.
URL filtering logs should show 2 separate log entries for category translation and gambling.
owner: mbutt