Enable BrightCloud URL Filtering
Enable BrightCloud URL Filtering
Obtain and install a BrightCloud URL filtering license and confirm that it is installed. BrightCloud has an option in the URL filtering profile ( Objects > Security Profiles > URL Filtering) to either allow all categories or block all categories if the license expires. Select Device > Licenses and, in the License Management section, select the license installation method: Activate feature using authorization code Retrieve license keys from license server Manually upload license key After installing the license, confirm that the BrightCloud URL Filtering section, Date Expires field, displays a valid date.
Install the BrightCloud database. The way you do this depends on whether or not the firewall has direct Internet access. Firewall with Direct Internet Access Select Device > Licenses and in the BrightCloud URL Filtering section, Active field, click the Activate link to install the BrightCloud database. This operation automatically initiates a system reset. Firewall without Direct Internet Access Download the BrightCloud database to a host that has Internet access. The firewall must have access to the host: On a host with Internet access, go to the Palo Alto Networks Customer Support web site, www.paloaltonetworks.com/support/tabs/overview.html, and log in. In the Resources section, click Dynamic Updates. In the BrightCloud Database section, click Download and save the file to the host. Upload the database to the firewall: Log in to the firewall, select Device > Dynamic Updates and click Upload. For the Type, select URL Filtering. Enter the path to the File on the host or click Browse to find it, then click OK. When the Status is Completed, click Close. Install the database: Select Device > Dynamic Updates and click Install From File. For the Type, select URL Filtering. The firewall automatically selects the file you just uploaded. Click OK and, when the Result is Succeeded, click Close.
Enable cloud lookups for dynamically categorizing a URL if the category is not available on the local BrightCloud database. Access the PAN-OS CLI. Enter the following commands to enable dynamic URL filtering: configure set deviceconfig setting url dynamic-url yes commit
Schedule the firewall to download dynamic updates for Applications and Threats signatures and URL filtering. You can only schedule dynamic updates if the firewall has direct Internet access. The Applications and Threats updates might contain updates for URL filtering related to the Safe Search Enforcement option in the URL filtering profile. For example, if Palo Alto Networks adds support for a new search provider vendor or if the method used to detect the Safe Search setting for an existing vendor changes, the Application and Threats updates will include that update. BrightCloud updates include a database of approximately 20 million websites that are stored locally on the firewall. You must schedule URL filtering updates to receive BrightCloud database updates. A Threat Prevention license is required to receive Antivirus and Applications and Threats updates. Select Device > Dynamic Updates. In the Applications and Threats section, Schedule field, click the None link to schedule periodic updates. In the URL Filtering section, Schedule field, click the None link to schedule periodic updates. If updates are already scheduled in a section, the link text displays the schedule settings.

Related Documentation