Palo Alto Next Generation Firewall - Rulesets on UW-Madison Wireless and WiscVPN networks

This document summarizes the rules in place on Palo Alto Next Generation network firewalls for the UW-Madison Wireless and WiscVPN networks.


In order to reduce the risk of known threats, the UW-Madison Wireless UWNet/Eduroam and WiscVPN services implemented network protections using the advanced features of Palo Alto Networks' Next Generation Firewall.

Palo Alto Protections

The UWNet/Eduroam wireless service allows for protection of client devices though the use of Palo Alto's URL filtering security feature.
Web accesses to addresses associated with the following categories will be blocked:
  • command-and-control
  • phishing
  • malware

NO SSL decryption is enabled so no banking and passwords are decoded.

The web addresses mapped to these categories are updated periodically by Palo Alto.

More information about these categories can be found at


If a block to a web site (http) has been made during an interactive browsing session, the below message will be returned on the browser:
Web Page Blocked Pop-Up Phishing Example
If you believe a web site is incorrectly blocked, you can request that it be re-tested by Palo Alto at  The same link can also be used to learn if a web site is currently blocked.

You can also contact the DoIT Help Desk to report possible blocking issues with the campus Wireless and WiscVPN ruleset by calling 608-264-HELP or by sending an email to (monitored during business hours).

Keywordspalo alto next generation firewall rule ruleset wireless wiscvpn block web site   Doc ID86279
OwnerVincent A.GroupCybersecurity
Created2018-10-05 16:17:45Updated2023-10-09 09:43:23
SitesDoIT Help Desk, Office of Cybersecurity
Feedback  0   0