When working with Next-Generation Firewalls (NGFWs), you may come across situations where you need to block specific websites. In this blog post, we'll explore how to block specific sites using a Palo Alto firewall. There are two ways to achieve this, and we'll cover both options.
Suresh Vina
A Quick Recap on URL Filtering
This blog post assumes you have some familiarity with URL filtering. In a typical setup, you create a URL Filtering profile, configure the categories to allow or block, and attach this profile to your security policies.
Depending on your security requirements, you might block entire categories such as gambling, terrorism, or proxy sites. However, there are times when you only need to block specific sites rather than an entire category.
In this blog post, we'll use cnn.com and samsung.com as examples (no hard feelings toward them, these were just the first sites that came to mind, haha 🙂).
Method 1 - Block the Site in the URL Filtering Profile
First, define the URL in a URL Category. To do this, navigate to Objects > Custom Objects > URL Category. Regardless of the method you choose, this step is required.
Here, create a new Custom URL Category. I usually name it 'Block List' and include all the sites here, but you can also maintain multiple lists if needed. Add both cnn.com and samsung.com here. You can use a wildcard for broader matches or specify the exact URL if you just want to block that specific URL. Here *.cnn.com will match www.cnn.com or edition.cnn.com
Once the custom URL category is created, it will appear in your URL Filtering profile. By default, the access is set to 'none.', change this to 'block'
Please make sure this profile is applied to the security policy that allows general Internet access.
Method 2 - Create a New Security Policy
The second method involves creating a new security policy, which should be placed above your existing one. You’ll still need the Custom URL Category created in the first method. However, you can revert the access setting for the category in the URL Filtering profile back to 'none.'
Next, create a new security policy where you can define the Source and Destination as usual. Under Service/URL Category, add the custom URL category.
If we try to access either cnn.com or samsung.com, the traffic will match this new policy and be blocked.
The end result is the same, but this approach requires creating a new policy above any existing policies that permit general internet access.
Closing Up
I’ll cover this in a future post, focusing on using SSL decryption for more granular control. For example, with decryption, you can block specific URLs like cnn.com/tech/article-1 while allowing access to everything else on the site. Without decryption, such precise control isn’t possible. Stay tuned, and don’t forget to subscribe for updates!
