Verify that you have an active legacy URL filtering or Advanced URL Filtering
subscription.
Select
Device
Licenses
and confirm that a URL filtering license is available and has
not expired.
Configure the URL Filtering Inline ML settings in a URL Filtering
profile.
Select
Objects
Security Profiles
URL Filtering
, then
Add
or select a URL
Filtering profile.
Select
Inline ML
and define an
Action
for each inline ML model.
There are two classification engines available for each type of
malicious webpage content:
Phishing
and
JavaScript Exploit
.
Block
—When the firewall detects a website with
phishing content, the firewall generates a URL Filtering
log entry.
Alert
—The firewall allows access to the website
and generates a URL Filtering log entry.
Allow
—The firewall allows access to the website
but does not generate a URL Filtering log entry.
Click
OK
to save your changes.
Commit
your changes.
(Optional)
Add URL exceptions to your URL Filtering profile if you
encounter false-positives.
You can add exceptions by specifying an external dynamic list in the URL
Filtering profile or by adding a web page entry from the URL Filtering logs to a
custom URL
category.
Select
Objects > Security Profiles > URL
Filtering
.
Select a URL Filtering profile for which you want to exclude specific
URLs, then select
Inline ML
.
Add
a pre-existing external dynamic list of URL
type. If none is available, create a new external dynamic list.
Click
OK
to save your changes.
Commit
your changes.
Add file exceptions from URL Filtering log entries.
Select
Monitor > Logs > URL Filtering
and filter
the logs for URL entries with an Inline ML Verdict of
malicious-javascript
or
phishing
. Select a URL Filtering log for a
URL that you wish to create an exception for.
Go to the
Detailed Log View
and scroll down to
the
Details
pane, then select
Create
Exception
located next to the
Inline ML
Verdict
.
Select a custom category for the URL exception, then click
OK
.
The new URL exception can be found in the list to which it was added,
under
Objects > Custom Objects > URL
Category
.
(Optional)
Verify the status of your firewall’s connectivity to the
inline ML cloud service.
Use the following CLI command on the firewall to view the connection
status.
show mlav cloud-status
For example:
show mlav cloud-status
MLAV cloud
Current cloud server: ml.service.paloaltonetworks.com
Cloud connection: connected
If you are unable to connect to the inline ML cloud service, verify that the
ML domain ml.service.paloaltonetworks.com is not blocked.