https://live.paloaltonetworks.com/t5/general-topics/honeypot-block-ips/m-p/541570#M110998 <P>We are looking at creating a Honeypot Website. The idea is to set it up with a much more restricted vulnerability profile so when hackers are scanning for certain vulnerabilities in the low and informational category their IP is blocked. The question I have is whether this is a global block, as in that IP would be blocked from hitting any externally facing site, or it will only be blocked from the honeypot. I assume it is globally by documentation, but want to make sure.&nbsp;</P> Tue, 09 May 2023 14:11:04 GMT craymond 2023-05-09T14:11:04Z https://live.paloaltonetworks.com/t5/general-topics/honeypot-block-ips/m-p/541570#M110998 <P>We are looking at creating a Honeypot Website. The idea is to set it up with a much more restricted vulnerability profile so when hackers are scanning for certain vulnerabilities in the low and informational category their IP is blocked. The question I have is whether this is a global block, as in that IP would be blocked from hitting any externally facing site, or it will only be blocked from the honeypot. I assume it is globally by documentation, but want to make sure.&nbsp;</P> Tue, 09 May 2023 14:11:04 GMT https://live.paloaltonetworks.com/t5/general-topics/honeypot-block-ips/m-p/541570#M110998 craymond 2023-05-09T14:11:04Z https://live.paloaltonetworks.com/t5/general-topics/honeypot-block-ips/m-p/541575#M110999 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/28274">@craymond</a>,</P> <P>By default the traffic would just be blocked. You'll want to take a look at auto-tagging and use the associated tag to deny the traffic however you want within your environment. Alternatively you could also use the XML API to perform the same thing if you didn't want to deal with Auto-Tagging.</P> <P>&nbsp;</P> <P><A href="https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/policy/use-auto-tagging-to-automate-security-actions" target="_blank">https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/policy/use-auto-tagging-to-automate-security-actions#idbd42a246-f8f3-4ddc-9487-f086d3d36f1c</A></P> Tue, 09 May 2023 14:52:58 GMT https://live.paloaltonetworks.com/t5/general-topics/honeypot-block-ips/m-p/541575#M110999 BPry 2023-05-09T14:52:58Z https://live.paloaltonetworks.com/t5/general-topics/honeypot-block-ips/m-p/541608#M111002 <P>Thank you BPry - The autotagging feature is a great idea.</P> Tue, 09 May 2023 17:56:56 GMT https://live.paloaltonetworks.com/t5/general-topics/honeypot-block-ips/m-p/541608#M111002 craymond 2023-05-09T17:56:56Z