Sunday, March 20, 2016

Content Filtering Techniques on Palo Alto Firewall

Content filtering techniques on Palo Alto firewall


1. URL filtering

URL filtering allows you to block web browsing based on URL category.

For example, you could block these categories available on Palo Alto - abused drugs, alcohol and tobacco, phishing, peer to peer.

Palo Alto also allows you to check URL category for a particular website.
'Check URL category' feature on Palo Alto firewall will redirect the user to a website where URL category can easily be determined.

You can also create a custom URL category and specify websites here in the URL category.
The URL category can then be controlled using actions like alert, allow, block, continue, override.

More on the actions is here

Response pages is something where the user would see a particular HTML page.
And this page would notify the user that URL is not allowed as per the internal company policy.


2. Application based filtering
Palo Alto firewalls have the App ID feature.
This essentially allows users to block applications like dropbox, skype very easliy.

So when you configure the security policy on Palo Alto, you specify the application type in addition to other parameters like

a. Source zone
b. Source user
c. Source IP
d. Destination zone
e. Destination IP
f. Application - YOU SPECIFY THE APP HERE
g. LEAVE SERVICE TO APPLICATION DEFAULT
h. URL category
i. Action
j. Security Profiles


3. File blocking
Here you could block upload/download of specific file types like .exe, .pdf, .rar
And these file types could be blocked for specific applications like gmail.
Several actions are available namely:
a. Alert
b. Block
c. Continue
d. Forward
e. Continue and Forward

You may find more on these different actions here


No comments:

Post a Comment