topic Policy to allow specific Windows share in Next-Generation Firewall Discussions https://live.paloaltonetworks.com/t5/next-generation-firewall/policy-to-allow-specific-windows-share/m-p/578710#M2735 <P>I'm trying to find out if it's possible with a Palo firewall to allow access from a DMZ machine to a windows share on an internal file server, however, I would like to allow access to a specific share.&nbsp; The file server on the internal network has several internal use shares.&nbsp; I need a place for a DMZ hosted app to dump files on an internal server but I want to make sure that the system in the DMZ cannot access other shares on the server.&nbsp; I'm hoping I can avoid spinning up a dedicated server.&nbsp;&nbsp;</P> Wed, 28 Feb 2024 21:44:33 GMT dsmall-pa 2024-02-28T21:44:33Z Policy to allow specific Windows share https://live.paloaltonetworks.com/t5/next-generation-firewall/policy-to-allow-specific-windows-share/m-p/578710#M2735 <P>I'm trying to find out if it's possible with a Palo firewall to allow access from a DMZ machine to a windows share on an internal file server, however, I would like to allow access to a specific share.&nbsp; The file server on the internal network has several internal use shares.&nbsp; I need a place for a DMZ hosted app to dump files on an internal server but I want to make sure that the system in the DMZ cannot access other shares on the server.&nbsp; I'm hoping I can avoid spinning up a dedicated server.&nbsp;&nbsp;</P> Wed, 28 Feb 2024 21:44:33 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/policy-to-allow-specific-windows-share/m-p/578710#M2735 dsmall-pa 2024-02-28T21:44:33Z Re: Policy to allow specific Windows share https://live.paloaltonetworks.com/t5/next-generation-firewall/policy-to-allow-specific-windows-share/m-p/579312#M2762 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/287993">@dsmall-pa</a>&nbsp;,</P> <P>&nbsp;</P> <P>I haven't tested this myself but this should be possible in my opinion using custom vulnerability signatures.</P> <P><SPAN>There is a context called <STRONG>"ms-ds-smb-req-share-name"</STRONG> that you probably want to match on.</SPAN></P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="kiwi_0-1709652259203.png" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/58058i2D82181E8A5663A5/image-size/large?v=v2&amp;px=999" role="button" title="kiwi_0-1709652259203.png" alt="kiwi_0-1709652259203.png" /></span></P> <P>&nbsp;</P> <P>Hope this helps,</P> <P>-Kim.</P> Tue, 05 Mar 2024 15:25:03 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/policy-to-allow-specific-windows-share/m-p/579312#M2762 kiwi 2024-03-05T15:25:03Z