This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Nominated Discussion: Best Practice for Allow Internet IP

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Nominated Discussion: Best Practice for Allow Internet IP

JayGolf
Community Team Member

on ‎07-12-2022 12:46 PM - edited on ‎07-13-2022 05:34 AM by

100% helpful (1/1)

This article is based on a discussion, Best practice to allow Internet IPs, posted by @thanawat_l and answered by @PavelK . Read on to see the discussion and solution!

 

 I want to optimize my security policy. I have many rules that allow any, but I want to change from any to internet IP. Does PaloAlto have an Internet IP object by default? or how can I define internet IP space in address?

 

Screen Shot 2022-07-12 at 12.26.52 PM.png

Solution: You can do it reverse by using "negate" in policy to allow anything except reserved RFC1918 addresses that are not routable on the internet. 

 

For these ranges there are Palo Alto built-in objects including class D IP ranges that you can exclude from policy and allow anything also on internet.

 

 

Rate this article:
  • 1574 Views
  • 0 comments
  • 1 Likes
  • 270 Subscriptions
Register or Sign-in
Labels
Article Dashboard
Version history
Last Updated:
‎07-13-2022 05:34 AM
Updated by:
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks