6.9 Ensure that PAN-DB URL Filtering is used

Information

Configure the device to use PAN-DB URL Filtering instead of BrightCloud.
Rationale:
Standard URL filtering provides protection against inappropriate and malicious URLs and IP addresses. PAN-DB URL Filtering is slightly less granular than the BrightCloud URL filtering. However the PAN-DB Filter offers additional malware protection and PAN threat intelligence by using the Wildfire service as an additional input, which is currently not available in the BrightCloud URL Filtering license. This makes the PAN-DB filter more responsive to specific malware "campaigns".

Solution

Navigate to Device > Licenses.
Click on PAN-DB URL Filtering.
Set Active to Yes.
Impact:
Not having an effective URL Filtering configuration can leave an organization open to legal action, internal HR issues, non-compliance with regulatory policies or productivity loss.
Default Value:
Not Configured

See Also

https://workbench.cisecurity.org/files/2104

Item Details

Category: ACCESS CONTROL, CONFIGURATION MANAGEMENT

References: 800-53|AC-4(8), 800-53|CM-6b., CSCv6|7.6, CSCv7|7.4, CSCv7|7.5

Plugin: Palo_Alto

Control ID: 44ec911e525d9e8932f73a787540aa0162f17ab58b08c1710371b6c3d939979f