Allow Access To Certain URLs Matching A Blocked URL Category

Allow Access To Certain URLs Matching A Blocked URL Category

33035
Created On 02/13/21 02:15 AM - Last Modified 02/13/21 03:14 AM


Symptom


Assuming the URL category 'news' is being blocked by URL filtering. However, there is a business need to allow the URL reddit.com/r/paloaltonetworks but this is also being blocked.

Blocked page
 

Environment


  • All versions of PAN-OS
  • URL filtering profile in security policy
  • Decryption is enabled

Cause


There is currently no way of achieving this through URL filtering because filtering on predefined categories is all-or-nothing. The traffic matches a policy that has a filter for blocking 'news' sites:

Policies --> Security --> Name --> Actions:

Security policy

Resolution


  1. Create a custom URL object.
Objects --> URL Category --> Add:

Custom URL objects
  1. Create a new security policy and add this object to the Service/URL Category tab of the security policy. This security rule must be placed above the existing policy.
Policies --> Security --> Name --> Service/URL category:

User-added image
  1. Commit the change.

Users should now be able to access the allowed URL:

webpage

 

Additional Information


This article assumes that the reader is familiar with URL filtering and SSL decryption.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HCtJCAW&lang=en_US%E2%80%A9&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language