URL Filtering

>>URL Filtering Security Profiles

Challenges with Preventing Web-Based Threats

Enable business without compromising security

Encrypted web content

Silo management

URL Filtering Features

license required or no license required ---> Firewall

2 methods

Security policies or URL filtering 

URL Filtering Profiles

 

URL Category: Policy Versus Profile

Policies > Security

URL Filtering Log

URL Filtering Security Profile

Objects > Security Profiles > URL Filtering

..default profile is configured to block websites such as known malware sites, phishing sites, and adult..

URL Filtering Security Default Categories

 

Multi-Category and Risk Based URL Filtering

Objects > Custom Objects > URL Category

Categories indicate:
• The site’s risk
• The site’s content
• The site’s purpose or function

 

Configure Per-URL Category Actions

 

URL matching order:
1. Custom URL categories*
2. External Dynamic Lists*
3. PAN DB firewall cache
4. PAN DB cloud

Configure a Custom URL Category

Objects > Custom Objects > URL Category > Add

URL Filtering Response Pages

3 types

URL Admin Settings

Device > Setup > Content ID > URL Admin Override > Add

Configure URL Admin Override password.

Device > Setup > Content ID > URL Filtering

Configure URL Admin Override password timeout period.

Configure Safe Search and Logging Options

 

Objects > Security Profiles > URL Filtering > Add

HTTP Header Insertion and Modification

Real-Time Webpage Analysis

Recommendations for Unknown URL Category

 

Recommendations for Not Resolved URL Category

URL Filtering Action Precedence

Recategorization Request: Via Log Entries

Monitor > Logs > URL Filtering

Recategorization Requests: Via Webpage


>>Attaching URL Filtering Profiles to Policy Rules

Use a URL Filtering Profile

Assigning URL Profile to Security Rules

Policies > Security > Add

1. Which URL Filtering Profile action will result in a user being interactively prompted for a password?
a. alert
b. allow
c. continue
d. override

override: A response page is sent to the user’s browser that prompts the user for the administrator-defined override password, and the firewall logs the action to the URL Filtering log.


2. According to best practices, which two URL filtering categories should be blocked in most URL Filtering Profiles? (Choose two.)
a. high risk
b. medium risk
c. new registered domain
d. adult

Best practice is to block high risk and new registered domain in URL Filtering Profiles.


3. Which three statements are true regarding Safe Search Enforcement? (Choose three.)
a. Safe search is a web server setting.
b. Safe search is a web browser setting.
c. Safe search is a best effort setting.
d. Safe search is designed to block violent web content.
e. Safe search works only in conjunction with credential submission websites.


4. True or false? A URL Filtering license is not required to define and use custom URL categories.
a. true
b. false

 

1. Which Palo Alto Networks Next Generation Firewall URL Category Action sends a response page to the user’s browser that prompts the user for the administrator-defined override password, and logs the action to the URL Filtering log?

continue

block

alert

override

2. Which Next Generation Firewall URL filter setting is used to prevent users who use the Google, Yahoo, Bing, Yandex, or YouTube search engines from viewing search results unless their browser is configured with the strict safe search option?

User Credential Detection

HTTP Header Logging

Safe Search Enforcement

Log Container Page Only

3. A "continue" action can be configured on the following security profiles in the Next Generation firewall:

 

URL Filtering NO

URL Filtering and File Blocking

URL Filtering and Antivirus

URL Filtering, File Blocking, and Data Filtering No

4. Which URL filtering security profile action logs the category to the URL filtering log?

Allow

Default

Log

Alert 

5. Which is the correct URL matching order on a Palo Alto Networks Next Generation Firewall?

Block, Allow, Custom URL, External Dynamic, PAN-DB Cache, PAN-DB Download, PAN-DB Cloud

Block, Allow, External Dynamic, Custom URL, PAN-DB Cache, PAN-DB Download, PAN-DB Cloud

Allow, Block, Custom URL, External Dynamic, PAN-DB Cache, PAN-DB Download, PAN-DB Cloud

Block, Allow, Custom URL, External Dynamic, PAN-DB Download, PAN-DB Cloud, PAN-DB Cache

6. Which URL Filtering Profile action will result in a user being interactively prompted for a password?

override 

continue

allow

alert

7. According to best practices, which two URL filtering categories should be blocked in most URL Filtering Profiles?

a. new-registered-domain 

b. high-risk 

adult

medium-risk

8. Which statement is not true regarding Safe Search Enforcement?

Safe search is a best effort setting

Safe search is a web browser setting

Safe search is a web server setting

Safe search works only in conjunction with credential submission websites 

9. True or false? A URL Filtering license is not required to define and use custom URL categories.
