URL filtering category "ransomware" shows up as "unknown" in Panorama, but on the firewall is showing up as it should.

• With the release of content version 8592 the new URL category "Ransomware" was introduced.
• URL category "ransomware" shows up as "unknown" in Panorama's URL FIltering logs, whereas it is correctly displayed in the Firewall's URL FIltering Logs.

• PAN-OS 9.1.x
• PAN-OS 10.1.x
• URL category ransomware
• URL filtering  

• Panorama and the firewall are running different versions of the major release of PAN-OS
• Different software-versions have different category-ID representations.

Resolution:

Upgrade the Firewall to be in the same/major version as that of Panorama

Workaround:

1.  Create a custom category and add "Ransomware" and  "Malware" under the category match
2.  GUI: Objects > Customer Objects > URL category > add
3. Select the type to be "Category Match"
4. Once Created, this custom Category will automatically be added under each "URL Filtering Profile"
5. Now set the action of this category to "Block".
6. "Commit" the configuration.

• With this workaround any URL categorized as ransomware will show up as this new custom category ("Ransomware1" in this example).
• This category name will also be the same under Panorama so one can continue to monitor using this custom category.