Use Cases and Deployment Scope
We currently utilize Palo Alto Networks URL Filtering PAN-DB for controlling access for users and user groups in Active Directory. For example, we have groups setup in Active Directory to allow access to say Dropbox. This AD group is then tied into a URL Filtering rule in the security policy to allow whatever application access you configure. This serves us in a few ways.
- We do not have to create a Firewall change request to add a user to a URL application such as dropbox, rather just add the username into the AD group.
- Much easier to maintain access for control and Audit purposes when adding or removing a user's permissions.