Security policy with URL category as a matching criteria not matching non-HTTP/s traffic

Created On 08/14/19 12:33 PM - Last Modified 08/10/21 02:43 AM


Symptom


  • Security Policy configured to allow access to domains in Custom URL Category.
  • Traffic fails to match the domains and gets blocked by a rule further down the list.


Environment


  • Palo Alto Firewall.
  • PAN-OS 8.1 and above.
  • Custom URL configured.


Cause


URL categorization is meant to be utilized for browser-based (HTTP/S) traffic, and not as matching criteria for traffic initiated from native applications.

Resolution


For non-HTTP/S traffic, configure FQDN objects and use them as match criteria in the Security policy. A Custom URL Category is only meant to be used for browser-based (HTTP/S) traffic.
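
The two rule styles side by side in PAN-OS configure-mode syntax, as an added example that is not part of the original article. The zone names, object names, rule names, domain and the `ssh` application are assumed placeholders.

```text
# Constructed example; every name and the domain below are placeholders.

# Before: the rule matches on a Custom URL Category.
# Only browser-based (HTTP/S) sessions can match it; non-HTTP/S traffic to
# the same domain misses this rule and is evaluated against later rules.
# (PAN-OS 9.0 and later also require: type "URL List" on the category.)
set profiles custom-url-category allowed-domains list [ app.example.com ]
set rulebase security rules allow-by-url-category from trust to untrust source any destination any application any service application-default category allowed-domains action allow

# After: for non-HTTP/S traffic, match on an FQDN address object as the
# destination and leave the URL category set to any.
set address app-example-fqdn fqdn app.example.com
set rulebase security rules allow-by-fqdn from trust to untrust source any destination app-example-fqdn application ssh service application-default category any action allow
```

The FQDN rule has to sit above the rule that currently blocks the traffic, since rules are evaluated top down.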
