Is it possible to group countries?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
Palo Alto Networks Approved
Palo Alto Networks Approved
Community Expert Verified
Community Expert Verified

Is it possible to group countries?

Not applicable

I want to be able to use a set of countries for some specific rules.  Is there any way to create a group with countries?

1 accepted solution

Accepted Solutions

L5 Sessionator

We dont have a feature of creating a group of countries and adding this group to a security policy. The closest that we can come to is to create a region, and include a bigger range of latitudes and longitudes, so that it covers as much countries as possible, and use this region under the policy. Otherwise you have to add the countries individually.

BR,

Karthik RP

View solution in original post

9 REPLIES 9

L5 Sessionator

We dont have a feature of creating a group of countries and adding this group to a security policy. The closest that we can come to is to create a region, and include a bigger range of latitudes and longitudes, so that it covers as much countries as possible, and use this region under the policy. Otherwise you have to add the countries individually.

BR,

Karthik RP

L5 Sessionator

Or what you can do is select the countries you want to allow and then check on the negate box. What this will do is all the countries in the list will not be blocked, and the rest will be.

BR,

Karthik

Thanks for the response.

Do you know if a feature like this in being worked on?

-Heath

L5 Sessionator

Following feature request has been filed on this

FR ID: 1284.Multiple Countries in a Single Object

You can request your local SE so he can also add you to this list.

Hope this helps.

Thanks

Numan



It is now 2021 and this is still not a feature on Palo Alto. I think it would be helpful for administration of the firewall security policy to be able to group countries in a single object so that it can be easily used in multiple rules.

Steven McFarland

L1 Bithead

i agree that this feature is far too long in the waiting. fortinet can do it. im doing it now!

Agreed at the very least we can use groups for continents. I think it's reasonable not to either have a NEQ rule denying all countries other than specified or to manually add 250+ countries.

L2 Linker

When is the feature coming? 

L0 Member

Also looking for this feature

  • 1 accepted solution
  • 7745 Views
  • 9 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!