Palo Alto Networks URL Filtering Solution
Palo Alto Networks URL filtering solution enables you
to block and allow access to websites based on URL category and
information such as user and group.
Where can I use
this? | What do I need? |
- Prisma Access (Managed by Strata Cloud Manager)
- Prisma Access (Managed by Panorama)
- NGFW (Managed by Strata Cloud Manager)
- NGFW (Managed by PAN-OS or Panorama)
|
|
Advanced URL Filtering (preceded by URL Filtering) is a subscription
service that protects your network and its users against malicious
and evasive web-based threats—both known and unknown. The subscription
provides the same functionality as URL Filtering—granular URL filtering
control, visibility into user web activity, safe search enforcement,
and credential phishing prevention—with the addition of full web
content inspection using an inline machine learning-based web security
engine. The inline web security engine enables real-time analysis
and categorization of URLs that are not present in PAN-DB, Palo
Alto Networks cloud-based URL database. Then, the engine determines
the action the firewall takes.
Advanced URL Filtering protects against malicious URLs that are
updated or introduced before PAN-DB has analyzed and added them
to the database. With Advanced URL Filtering enabled, URL requests
are:
Advanced URL Filtering licenses are supported on next-generation firewalls running PAN-OS 9.1 and
later. You can manage URL filtering features on the PAN-OS and Panorama web interface,
Prisma Access, and Cloud NGFW platforms. However, some URL filtering features
are not available on each platform.
If network security requirements in your enterprise prohibit
the firewalls from directly accessing the Internet, Palo Alto Networks
provides an offline URL filtering solution with the
PAN-DB private
cloud. You can deploy a PAN-DB private cloud on one or more
M-600 appliances that function as PAN-DB servers within your network;
however, the private cloud does not support any of the cloud-based
URL analysis features provided by the Advanced URL Filtering solution.
Legacy URL Filtering Subscription
URL Filtering enforces policy rules for websites stored in your local cache or PAN-DB. When a
user requests a website, the firewall checks the local cache for its URL category.
If the website isn't in the cache, the firewall queries PAN-DB to decide which
action to apply. As a result, attackers are better able to launch precision attack
campaigns using URLs that aren't present in the cloud-based database.
Legacy subscription holders can continue using their URL filtering deployment until the end of
the license term.