topic Re: pa3220 POS 9.1.5 in Advanced Threat Prevention Discussions https://live.paloaltonetworks.com/t5/advanced-threat-prevention/pa3220-pos-9-1-5/m-p/393604#M1099 <P>Hello,</P> <P>The answer is it depends. If you ask me, I have whitelist policies to allow inbound traffic. It would depend on what you have exposed, e.g. inbound traffic. If you have nothing, I say block it all unless it needs to connect for something, i.e. VPN, web server, etc. What I would start with are 'Negate' ( negate = not equal to ) policies. Say block everything except the US, but you only have to put the US and then Negate so you dont have to list everything.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="OtakarKlier_0-1616621346792.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/30529i24B6710A27B5A52E/image-size/medium?v=v2&amp;px=400" role="button" title="OtakarKlier_0-1616621346792.png" alt="OtakarKlier_0-1616621346792.png" /></span></P> <P>&nbsp;</P> <P>Hope that helps.</P> Wed, 24 Mar 2021 21:29:22 GMT OtakarKlier 2021-03-24T21:29:22Z pa3220 POS 9.1.5 https://live.paloaltonetworks.com/t5/advanced-threat-prevention/pa3220-pos-9-1-5/m-p/390936#M1091 <P>howdy,</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="PA200-1_0-1615575482670.png" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/30312iF9EFD8AFE1AAB022/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="PA200-1_0-1615575482670.png" alt="PA200-1_0-1615575482670.png" /></span></P><P>The short question is a block country rule on 1/8 the thing to do?</P><P>or&nbsp; a white list of ip? and apps?</P><P>Thank you</P><P>Mike</P> Fri, 12 Mar 2021 19:00:26 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/pa3220-pos-9-1-5/m-p/390936#M1091 PA200-1 2021-03-12T19:00:26Z Re: pa3220 POS 9.1.5 https://live.paloaltonetworks.com/t5/advanced-threat-prevention/pa3220-pos-9-1-5/m-p/393604#M1099 <P>Hello,</P> <P>The answer is it depends. If you ask me, I have whitelist policies to allow inbound traffic. It would depend on what you have exposed, e.g. inbound traffic. If you have nothing, I say block it all unless it needs to connect for something, i.e. VPN, web server, etc. What I would start with are 'Negate' ( negate = not equal to ) policies. Say block everything except the US, but you only have to put the US and then Negate so you dont have to list everything.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="OtakarKlier_0-1616621346792.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/30529i24B6710A27B5A52E/image-size/medium?v=v2&amp;px=400" role="button" title="OtakarKlier_0-1616621346792.png" alt="OtakarKlier_0-1616621346792.png" /></span></P> <P>&nbsp;</P> <P>Hope that helps.</P> Wed, 24 Mar 2021 21:29:22 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/pa3220-pos-9-1-5/m-p/393604#M1099 OtakarKlier 2021-03-24T21:29:22Z