The logging entry with real-time-detection category is rarely seen.

Created On 07/30/21 01:37 AM - Last Modified 04/22/24 20:28 PM


Symptom


  • A firewall with a valid Advanced URL Filtering license subscription is working properly and generates log entries with the real-time-detection category when accessing the test sites mentioned 
  • No log entry with the real-time-detection category has been logged for traffic associated with the risky categories listed below.
    • High Risk
    • Unknown
    • Medium Risk
    • Questionable
    • Parked
    • Web-hosting
    • Insufficient-content
    • Shareware-and-freeware
    • Dynamic DNS
    • Newly Registered Domain


Environment


  • Advanced URL Filtering
  • PANOS 9.1
  • PANOS 10.0
  • PANOS 10.1


Resolution


  1. When a firewall with a valid Advanced URL Filtering license subscription handles traffic in one of the risky PANDB URL filtering categories listed above, it sends a query to the Advanced URL Filtering server to validate the verdict of the site.
  2. If the Advanced URL Filtering server returns a "Benign" verdict for the risky category in question and the firewall receives it successfully, the firewall writes the log entry with the generic PANDB risky category, because the Advanced URL Filtering server identified the risky category as "Benign".
  3. If the Advanced URL Filtering server returns a "Malware", "Command-and-Control", "Phishing" or "Grayware" verdict for the risky category in question, the firewall writes the log entry with the real-time-detection category.
  4. The firewall never writes a log entry with the real-time-detection category merely because it sent a query to the Advanced URL Filtering server to validate the verdict of the site.
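
The four steps above can be modelled as a small decision function and run over a batch of events to see why the real-time-detection category is a minority of log entries. This is an added illustration, not Palo Alto Networks code: the function names and the sample events are constructed, and logging the generic category when no verdict comes back is an assumption drawn from step 4.

```python
from collections import Counter

# Category and verdict names are spelled as the article lists them.
RISKY_CATEGORIES = {
    "High Risk", "Unknown", "Medium Risk", "Questionable", "Parked",
    "Web-hosting", "Insufficient-content", "Shareware-and-freeware",
    "Dynamic DNS", "Newly Registered Domain",
}
MALICIOUS_VERDICTS = {"Malware", "Command-and-Control", "Phishing", "Grayware"}
REAL_TIME = "real-time-detection"

def logged_category(pandb_category, verdict):
    """Category written to the log entry for one risky-category request.

    verdict is the server's verdict string, or None when the firewall only
    sent the query and no verdict was received (step 4).
    """
    if pandb_category not in RISKY_CATEGORIES:
        raise ValueError(f"not a risky category from the article: {pandb_category!r}")
    if verdict in MALICIOUS_VERDICTS:
        return REAL_TIME                      # step 3
    if verdict is None or verdict == "Benign":
        return pandb_category                 # steps 2 and 4 (assumption for None)
    raise ValueError(f"unexpected verdict: {verdict!r}")

def summarize(events):
    """Return (Counter of logged categories, share that is real-time-detection)."""
    counts = Counter(logged_category(cat, verdict) for cat, verdict in events)
    total = sum(counts.values())
    return counts, (counts[REAL_TIME] / total if total else 0.0)

# Constructed sample: (PANDB category, verdict received or None).
SAMPLE_EVENTS = [
    ("Unknown", "Benign"),
    ("Parked", "Benign"),
    ("Newly Registered Domain", "Benign"),
    ("High Risk", "Phishing"),
    ("Dynamic DNS", None),
    ("Web-hosting", "Benign"),
    ("Medium Risk", "Benign"),
    ("Questionable", "Grayware"),
]

if __name__ == "__main__":
    counts, share = summarize(SAMPLE_EVENTS)
    for category, n in counts.most_common():
        print(f"{n:2d}  {category}")
    print(f"real-time-detection share: {share:.0%}")
```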

