https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/security-setting-allowed-sessions-via-approved-domains/m-p/594098#M7032 <P>How does the security feature Allowed Sessions works via approved domains? Does it just reverse lookup the source IP?<BR /><BR />BR&nbsp;<BR />Dennis</P> Tue, 06 Aug 2024 09:07:09 GMT DennisHager 2024-08-06T09:07:09Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/security-setting-allowed-sessions-via-approved-domains/m-p/594098#M7032 <P>How does the security feature Allowed Sessions works via approved domains? Does it just reverse lookup the source IP?<BR /><BR />BR&nbsp;<BR />Dennis</P> Tue, 06 Aug 2024 09:07:09 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/security-setting-allowed-sessions-via-approved-domains/m-p/594098#M7032 DennisHager 2024-08-06T09:07:09Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/security-setting-allowed-sessions-via-approved-domains/m-p/594115#M7035 <P>Allowed sessions is to control who can login into the xdr console.</P> <P>If you add your organization domain in allowed domains, then only users from that domain would be allowed.</P> <P>E.g. I add abc.com as the allowed domains then any user login using user1@abc.com would be allowed whereas user1.xyz.com would not be able to access the xdr console.</P> <P>Allowed Ips restricts logins by ip address ranges.</P> <P>If you enable both, then it combination of domain and ip range.</P> <P>So user1 has been to user1@abc.com and his connection to xdr console should be coming from the approved ip range</P> Tue, 06 Aug 2024 10:53:45 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/security-setting-allowed-sessions-via-approved-domains/m-p/594115#M7035 Fm12345 2024-08-06T10:53:45Z