Content filtering techniques on Palo Alto firewall
1. URL filtering
URL filtering allows you to block web browsing based on URL
category.
For example, you could block these categories available on
Palo Alto - abused drugs, alcohol and tobacco, phishing, peer to peer.
Palo Alto also allows you to check URL category for a
particular website.
'Check URL category' feature on Palo Alto firewall will
redirect the user to a website where URL category can easily be determined.
You can also create a custom URL category and specify
websites here in the URL category.
The URL category can then be controlled using actions like
alert, allow, block, continue, override.
More on the actions is here
Response pages is something where the user
would see a particular HTML page.
And this page would notify the user that URL is not allowed
as per the internal company policy.
2. Application based filtering
Palo Alto firewalls have the App ID feature.
This essentially allows users to block applications like
dropbox, skype very easliy.
So when you configure the security policy on Palo Alto, you
specify the application type in addition to other parameters like
a. Source zone
b. Source user
c. Source IP
d. Destination zone
e. Destination IP
f. Application - YOU SPECIFY THE APP HERE
g. LEAVE SERVICE TO APPLICATION DEFAULT
h. URL category
i. Action
j. Security Profiles
3. File blocking
Here you could block upload/download of specific file types
like .exe, .pdf, .rar
And these file types could be blocked for specific
applications like gmail.
Several actions are available namely:
a. Alert
b. Block
c. Continue
d. Forward
e. Continue and Forward
You may find more on these different actions here
No comments:
Post a Comment