When two identical EDL URL categories are configured in the security policies, the traffic may not match the intended policy.

Created On 06/10/24 23:44 PM - Last Modified 06/11/24 23:09 PM


Symptom


  • Multiple security policies are configured.
  • Each security policy is configured with EDL URLs.
  • The configured EDL URL categories are "identical" across these policies.
  • When traffic is matched, it may not match the intended policy.
  • The traffic log shows the incorrectly matched policies.


Environment


  • PAN-OS versions 10.1.x and above
  • External Dynamic List (EDL) URL categories.


Cause


Because the EDL URL categories are identical, the matching logic may not select the intended policy.

Resolution


  1. Remove the overlap of the custom URL categories, External Dynamic Lists (EDL-URLs), and predefined categories from the configured security policies.
  2. Alternatively, remove the security policy with the identical EDL URL category.
  3. Commit the changes.

Note: Enhancements to handle this scenario are underway. ETA is unknown.
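
A pre-commit check for the overlap described in the resolution, as an added example (not Palo Alto Networks code): it compares the contents of the URL lists referenced by security rules and reports pairs that are identical or overlapping. Rule names, EDL names and list contents are constructed sample data, and the one-entry-per-line, case-insensitive normalization is an assumption.

```python
from itertools import combinations

# Constructed sample data: EDL name -> raw text of the URL list as hosted.
EDL_CONTENTS = {
    "edl-partners": "example.com/\nportal.example.net/\n",
    "edl-vendors": "portal.example.net/\nEXAMPLE.com/\n\n",
    "edl-blocked": "bad.example.org/\nportal.example.net/\n",
}

# Constructed sample data: security rules in evaluation order, each with the
# EDL URL category it references.
RULES = [
    ("allow-partners", "edl-partners"),
    ("allow-vendors", "edl-vendors"),
    ("deny-blocked", "edl-blocked"),
]


def normalize(raw):
    """Return the set of entries in a URL list (assumption: one entry per
    line, compared case-insensitively, blank lines ignored)."""
    return frozenset(
        line.strip().lower() for line in raw.splitlines() if line.strip()
    )


def find_conflicts(rules, edl_contents):
    """Compare the EDLs referenced by every pair of rules.

    Returns a list of (rule_a, rule_b, kind, shared_entries), where kind is
    "identical" (same entry set) or "overlap" (some entries in common).
    """
    entries = {name: normalize(raw) for name, raw in edl_contents.items()}
    findings = []
    for (rule_a, edl_a), (rule_b, edl_b) in combinations(rules, 2):
        shared = entries[edl_a] & entries[edl_b]
        if not shared:
            continue
        kind = "identical" if entries[edl_a] == entries[edl_b] else "overlap"
        findings.append((rule_a, rule_b, kind, sorted(shared)))
    return findings


if __name__ == "__main__":
    for rule_a, rule_b, kind, shared in find_conflicts(RULES, EDL_CONTENTS):
        print(f"{kind}: {rule_a} / {rule_b} share {shared}")
```
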

