Palo Alto Networks® firewalls identify and control applications,
regardless of port, protocol, encryption (SSL or SSH) or evasive characteristics.
Deep Discovery Inspector can send IPv4,
domain, and URL suspicious objects to the URL category of Palo Alto Firewall or Palo
Alto Panorama™ as match criteria allow for exception-based behavior.
Use URL categories in policies as follows:
-
Identify and allow exceptions to general security policies for users who belong to
multiple
groups within Active Directory
Example: Deny access to malware and hacking sites for all users, while allowing access
to
users that belong to the security group.
-
Allow access to streaming media category, but apply quality of service policies to
control
bandwidth consumption
-
Prevent file download and upload for URL categories that represent higher risks
Example: Allow access to unknown sites, but prevent upload and download of executable
files
from unknown sites to limit malware propagation.
-
Apply SSL decryption policies that allow encrypted access to finance and shopping
categories,
but decrypt and inspect traffic to all other URL categories.