https://live.paloaltonetworks.com/t5/general-topics/block-interne/m-p/34791#M25539 <HTML><HEAD></HEAD><BODY><P>Hi satish,</P><P></P><P>By default In-coming Internet traffic is blocked for any Host behind the firewall. You may want to find out, why its allowed.</P><P></P><P>That would be a good first troubleshooting step.</P><P></P><P>Regards,</P><P>Hardik shah</P></BODY></HTML> Tue, 01 Jul 2014 01:22:42 GMT hshah 2014-07-01T01:22:42Z https://live.paloaltonetworks.com/t5/general-topics/block-interne/m-p/34788#M25536 <HTML><HEAD></HEAD><BODY><P>Hi friends,</P><P></P><P>How to block internet on our DB servers.</P><P></P><P></P><P>Regards</P><P>Satish</P></BODY></HTML> Mon, 30 Jun 2014 10:50:15 GMT https://live.paloaltonetworks.com/t5/general-topics/block-interne/m-p/34788#M25536 Satish 2014-06-30T10:50:15Z https://live.paloaltonetworks.com/t5/general-topics/block-interne/m-p/34789#M25537 <HTML><HEAD></HEAD><BODY><P>You would create an address group that contains all of the db servers.</P><P></P><P>then create a deny policy from this group to your internet zone as a block.&nbsp; Use log on session initiation to see what hits this&nbsp; rule.</P></BODY></HTML> Mon, 30 Jun 2014 12:18:44 GMT https://live.paloaltonetworks.com/t5/general-topics/block-interne/m-p/34789#M25537 pulukas 2014-06-30T12:18:44Z https://live.paloaltonetworks.com/t5/general-topics/block-interne/m-p/34790#M25538 <HTML><HEAD></HEAD><BODY><P>Another alternative is to open your Source NAT policy that broadly enables your network to gain internet access, and add the IP Addresses (or the Address Group as Steven Puluka suggested) to the Source Address group. You then check the box underneath that indicates "Negate". This will say: - "Do a Source NAT to enable internal network to gain internet access "except" if the source address is with these source addresses".</P><P>The Security Policy alternative mentioned by Steven is a better practice, and it will write access attempts to the traffic logs.</P></BODY></HTML> Tue, 01 Jul 2014 00:54:54 GMT https://live.paloaltonetworks.com/t5/general-topics/block-interne/m-p/34790#M25538 mivaldi 2014-07-01T00:54:54Z https://live.paloaltonetworks.com/t5/general-topics/block-interne/m-p/34791#M25539 <HTML><HEAD></HEAD><BODY><P>Hi satish,</P><P></P><P>By default In-coming Internet traffic is blocked for any Host behind the firewall. You may want to find out, why its allowed.</P><P></P><P>That would be a good first troubleshooting step.</P><P></P><P>Regards,</P><P>Hardik shah</P></BODY></HTML> Tue, 01 Jul 2014 01:22:42 GMT https://live.paloaltonetworks.com/t5/general-topics/block-interne/m-p/34791#M25539 hshah 2014-07-01T01:22:42Z https://live.paloaltonetworks.com/t5/general-topics/block-interne/m-p/34792#M25540 <HTML><HEAD></HEAD><BODY><P>Thanks Dud...</P></BODY></HTML> Wed, 02 Jul 2014 11:30:53 GMT https://live.paloaltonetworks.com/t5/general-topics/block-interne/m-p/34792#M25540 Satish 2014-07-02T11:30:53Z