Why do I notice "medium-risk" for the URL category "unknown" for some traffic and "high-risk" for other traffic?

Created On 09/21/23 13:26 PM - Last Modified 03/11/25 23:27 PM


Question


Why do I notice "medium-risk" for the URL category "unknown" for some traffic and "high-risk" for other traffic?

 


Environment


  • Palo Alto Firewalls
  • PAN-OS 9.1 and above
  • URL Category


Answer


  1. As per Advanced URL Filtering, a site with an "unknown" category should be assigned the "high-risk" risk level.
  2. However, when an IP address is unknown, its risk level is set to "medium-risk" until PAN-DB completes site analysis and categorization.
  3. If there is insufficient information, the risk category may not change.
     

