Advanced URL Filtering (preceded by URL Filtering) is a subscription service that protects your network and its users against malicious and evasive web-based threats—both known and unknown. The subscription provides the same functionality as URL Filtering—granular URL filtering control, visibility into user web activity, safe search enforcement, and credential phishing prevention—with the addition of full web content inspection using an inline machine learning-based web security engine. The inline web security engine enables real-time analysis and categorization of URLs that are not present in PAN-DB, Palo Alto Networks cloud-based URL database. Then, the engine determines the action the firewall takes.

Advanced URL Filtering protects against malicious URLs that are updated or introduced before PAN-DB has analyzed and added them to the database. With Advanced URL Filtering enabled, URL requests are:

Advanced URL Filtering licenses are supported on next-generation firewalls running PAN-OS 9.1 and later. You can manage URL filtering features on the PAN-OS and Panorama web interface, Prisma Access, and Cloud NGFW platforms. However, some URL filtering features are not available on each platform.

If network security requirements in your enterprise prohibit the firewalls from directly accessing the Internet, Palo Alto Networks provides an offline URL filtering solution with the PAN-DB private cloud. You can deploy a PAN-DB private cloud on one or more M-600 appliances that function as PAN-DB servers within your network; however, the private cloud does not support any of the cloud-based URL analysis features provided by the Advanced URL Filtering solution.