Information
Enable both 'Local Inline Categorization' and 'Cloud Inline Categorization' on URL Filtering profiles to evaluate suspicious web page contents in real-time to protect users against zero-day threats.
Rationale:
Starting from PanOS 10, Palo Alto Networks Advanced URL Filtering now operates a series of inline cloud-based deep learning detectors that evaluate suspicious web page contents in real-time to protect users against zero-day threats. This includes cloaked websites, multi-step attacks, CAPTCHA challenges, and previously unseen one-time-use URLs.
Solution
Navigate to Objects > Security Profiles > URL Filtering
Go to Inline Categorization tab. Tick the checkbox for both Enable local inline categorization and Enable cloud inline categorization.
Note that:
Firewall device certificate is used to authenticate to the Advanced Threat Prevention inline cloud analysis service. This step is required before 'Inline Cloud Analysis' can be used. Refer to reference for detailed guide.
'Local Inline Categorization' can be enabled with just the URL Filtering license (no Advanced Threat Prevention is needed).
Default Value:
Not Configured