Working with Panorama URL Categories

ASMS now supports Panorama User-defined and Pre-defined URL Categories. This topic explains how you can work with Panorama URL Categories in ASMS.

Visibility

A new column, URL Category, is shown on the Policy tab and you can also search based on URL categories.

Reports

URL Categories information is incorporated in Reports. ASMS supports Risk Calculation for rules with URL Categories.

In Policy Optimization, you can also optimize policies based on the information shown in Covered Rules, Redundant Special Case Rules and Consolidated Rules. Likewise, Change data now shows URL Categories.

Traffic Simulation Queries

You can run TSQ using URL Category names and content (hostnames, websites, and IPs), as the destination.

Note: URL Category content refers to hostnames, websites, and IPs found either in the PAN published kbs or in the user-made URL category override file (see (optional) Enhance URL Category accuracy).

Examples of valid TSQ destinations:

  • social-networking

  • www.facebook.com

  • rnd.domain.com

  • 10.20.30.40

URL Categories and FireFlow tickets

When you create a Change Request for Panorama devices, in the destination field you can enter URL Categories or select them from the dropdown.

(optional) Enhance URL Category accuracy

Palo Alto Networks maintain an updated list of URL categories that are pre-defined on their devices.

ASMS does not sustain the entire URL Category list from the devices. Thus, by associating additional URLs, websites, domains and their IPs to selected categories, you can make ASMS more accurate (for TSQ, Risky Rules, FireFlow tickets, etc.).

You can create a URL Categories Override file in order to manage additional URLs and IPs. You can edit the override file manually or use the URL Categories APIs to automate the task.

To create the override file

  1. Login as afa user.
    (rw-r--r-- permissions are required for the url_categories.json file (644)).

  2. Run: 

    mkdir /home/afa/.fa/plugins/panorama/

  3. Run:

    cp /usr/share/fa/data/plugins/panorama/url_categories.json /home/afa/.fa/plugins/panorama/

  4. Run:

    chmod 644 /home/afa/.fa/plugins/panorama/url_categories.json

  1. Edit the file manually or use the URL Categories APIs to automate the task.

 

â See also: