Product Id: 28731201
Description: Palo URL Filtering for PA-500 - Subscription license renewal (1 year) - 1 firewall
Mfr Part #: PAN-PA-500-URL4-R
Fully integrated URL filtering database enables policy control over web browsing activity, complementing the policy-based application visibility and control that the Palo Alto Networks firewalls deliver.
Stand-alone URL filtering solution is an insufficient control mechanism because it is easily bypassed with external proxies (PHproxy, CGIproxy), circumventors (TOR, UltraSurf, Hamachi) and remote desktop access tools. Controlling user activity requires a multi-faceted approach that implements policies to control web activity and the applications that are commonly used to bypass traditional security mechanisms.
Palo Alto Networks' firewalls identify and control more than 800 applications, irrespective of port, protocol or SSL encryption or evasive characteristic. Once identified, the application identity, not the port or protocol, becomes the basis of all security policies, resulting in the restoration of application control. Acting as the perfect complement to policy-based application control is an on-box URL filtering database that provides control over non-work related web activity. By addressing the lack of visibility and control from both the application and web perspective, enterprises are safeguarded from a full spectrum of legal, regulatory, productivity and resource utilization risks.
- Block access to non-desirable web sites to reduce security, legal and regulatory risks
- Reduce malware incidents by prohibiting access to known malware and phishing download sites
- Tailor web filtering control efforts with allow list, deny list and database customization
- Facilitate SSL decryption policies such as "don't decrypt traffic to financial services sites" but "decrypt traffic to blog sites"
- Policy-based control over applications and web surfing
Tech-savvy users know how to get around URL filtering controls using applications such as TOR, Hamachi, UltraSurf, or external proxies. Palo Alto Networks identifies all of these applications and more, enabling policies to be set that block them from being used - a critical complimentary component to URL filtering. Once application control policies are enabled, security administrators can implement URL filtering policies to further control employee and network activity.
- Customizable URL database
To accommodate the rapidly expanding number of URLs, as well as regional and industry-specific URLs, the 20 M on-box URL database can be augmented to suit the traffic patterns of the local user community. If a URL is detected that is not categorized by the local URL database, the firewall can request the category from a hosted URL database which has over 180 M URLs. The URL is then cached locally in a separate 1 M URL capacity database. In addition to database customization, administrators can use block list/allow list options, customizable block pages, password enabled access and user override to enable flexible yet enforceable web activity policies.
- Customizable end-user notification
Each enterprise has different requirements regarding how to inform end users that they are attempting to visit a web page that is blocked according to the corporate policy and associated URL filtering profile. To accomplish this goal, administrators can use a custom block page to notify end users of the policy violation. The page can include references to the username, IP address, the URL attempting to be accessed and the category of the URL.
- Deployment flexibility
The unlimited user license behind each URL filtering subscription and the high performance nature of the Palo Alto Networks firewalls means that enterprise customers CAN deploy a single appliance to control web activity for an entire user community without worrying about cost variations associated with user-based licensing.