Palo Alto Networks Knowledgebase: XenServer Open Source Virtualization Platform not Working with URL Filtering Enabled

XenServer Open Source Virtualization Platform not Working with URL Filtering Enabled

Created On 02/07/19 23:39 PM - Last Updated 02/07/19 23:39 PM
Device Management Initial Configuration Installation QoS Zone and DoS Protection


XenServer Open Source Virtualization platform, which uses an SSL connection to manage remote servers, is not working with URL filtering enabled and a category set unknown to continue. The platform is not working even though the interested traffic is hitting the right security rule and is being allowed as per the monitor logs.



When traffic is identified as an unknown url category and when the action for an unknown category is set to continue, the firewall would try to present a continue page and expect a response from it. Since this is an SSL connection and not a web browser, this continue page cannot be seen and therefore traffic does not continue to flow.



When you launch the XenServer platform and check the session details the active SSL session looks like this:


If a user accesses any of the servers listed, the sessions could appear undecided and the session could look like this:


The url category displays as unknown. If a user checks the respective url filtering profile, the action for the unknown category would be configured as continue.




If a user changes this action to alert or allow the issue will be fixed. All interested traffic will be displayed and identified as SSL. Now the servers can be accessed and the real time update could be seen as expected.




owner: skumar1


  • Print
  • Copy Link

Choose Language