We know that in Palo Alto, or in any NGFW, we can allow or block various URL categories. Speaking specifically about the Palo Alto firewall, let's say you have a strict URL filtering policy and decide to block the 'Shareware and Freeware' category.
When you do this, you'll likely have frustrated users complaining that they can't access sites like GitHub, for example.
But, What Did I Do?
So, what did I do now to cause another network issue? Well, Palo Alto categorizes github.com as 'Shareware and Freeware', so the firewall simply blocks it. There’s a high chance that many other useful sites will get blocked too.
A quick fix is to create a Custom URL Category and add the GitHub URL to it. However, this isn’t a scalable solution.
For instance, if I start with *.github.com, the firewall may block github.com. Then, if I add github.com, the firewall might block URLs like www.github.githubassets.com. To address this, I’d need to use a different wildcard, but we can’t keep doing this for every affected site.
Combining URL Categories
Instead of managing each URL individually like before, we can create a custom URL category by combining multiple predefined categories.
In this case, I can create a new Custom URL Category and include both 'Shareware and Freeware' and 'Low Risk'. I can then set the action to allow. This means that if a URL matches 'Shareware and Freeware' but is considered low risk, it will be allowed. Everything else will remain blocked.
Now, users should be able to access GitHub or any other site that falls under the 'Shareware and Freeware' category but is considered low risk.
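To review what the combined category changes before committing it, here is a small Python model of the logic described above. It is an added example, not Palo Alto's code or configuration from this post: the category name `Freeware-Low-Risk`, the `.example` hostnames and the lookup results are constructed, and checking the custom category before the predefined block is an assumption of the model.

```python
# Added illustration: models the combined-category logic described above.
# Hostnames and lookup results are constructed sample data.

BLOCKED = {"shareware-and-freeware"}  # predefined categories set to block

# Combined custom category: a URL matches only if it carries ALL of the
# listed categories (logical AND), and the action is then allow.
CUSTOM_MATCH = {
    "name": "Freeware-Low-Risk",  # hypothetical name
    "all_of": {"shareware-and-freeware", "low-risk"},
    "action": "allow",
}

# Constructed lookup results: hostname -> categories returned for it.
LOOKUPS = {
    "github.com": {"shareware-and-freeware", "low-risk"},
    "freeware.example": {"shareware-and-freeware", "medium-risk"},
    "cracks.example": {"shareware-and-freeware", "high-risk"},
    "news.example": {"news", "low-risk"},
}


def verdict(categories, custom=None):
    """Return the action for a URL's category set.

    The custom category is checked first (assumption of this model).
    """
    if custom and custom["all_of"] <= categories:
        return custom["action"]
    if categories & BLOCKED:
        return "block"
    return "allow"


def impact(lookups, custom):
    """Return hostnames whose verdict changes once the custom category exists."""
    changed = {}
    for host, cats in sorted(lookups.items()):
        before, after = verdict(cats), verdict(cats, custom)
        if before != after:
            changed[host] = (before, after)
    return changed


if __name__ == "__main__":
    for host, cats in sorted(LOOKUPS.items()):
        print(f"{host:20} {verdict(cats):6} -> {verdict(cats, CUSTOM_MATCH)}")
    print("changed:", impact(LOOKUPS, CUSTOM_MATCH))
```

Only the host that is both 'Shareware and Freeware' and low risk flips from block to allow; the medium-risk and high-risk freeware hosts stay blocked.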