Unable to block an URL with action block in the URL Filtering Profile

Unable to block an URL with action block in the URL Filtering Profile

706
Created On 10/02/25 16:24 PM - Last Modified 12/05/25 03:24 AM


Symptom


  • Unable to block a domain despite correct configuration in the Custom Category URL object and URL Filtering Profile.
  • Other URLs are blocked with the applied URL filtering profile, indicating general functionality.
  • Minimal traffic shows in monitor logs for the affected devices.
  • No record of the URL being allowed or denied in the logs.

Environment


  • Next Gen Firewalls (NGFW)
  • Prisma Access Firewalls
  • Supported PAN-OS

Cause


"Web Browser is using "quic" protocol for accessing URLs.

Resolution


Identify the "quic" protcol being used by trying the following.

 

  1. Run nslookup and get the destination IP addresses of the URL.
  2. Filter these IP address in the traffic logs.
  3. Verify if the traffic is matching the application quic.
  4. Confirm if the security policy allows the quic/SSL to pass through.
  5. Block this "quic" protocol/Application.
  6. Now the Firewall will block using SSL application, and It will be shown in the URL Filtering Profile logs with the correct security rule

Note: SSL decryption needs to be enabled for the destination URL traffic to identify and block the "quic" protocol/app.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA1Ki000000TNzyKAG&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail