https://live.paloaltonetworks.com/t5/general-topics/blocking-traffic-from-another-country/m-p/47069#M34599 <HTML><HEAD></HEAD><BODY><P>Aaaah... got it... thanks!&nbsp; I'm actually on 3.1.5 so that's where I was confused.&nbsp; I'll check it out once we upgrade.</P><P></P><P>Thanks for the help!</P></BODY></HTML> Fri, 03 Jun 2011 17:42:25 GMT dwoolley 2011-06-03T17:42:25Z https://live.paloaltonetworks.com/t5/general-topics/blocking-traffic-from-another-country/m-p/47065#M34595 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>We have an Extranet server which sits on our DMZ... http and https are allowed through the firewall so that outside users can access the web app on that server.&nbsp; My server admin asked me if I can block all inbound traffic from China and Taiwan as he gets a ton of hack attempts coming from those countries.&nbsp; Our web app doesn't serve anybody in those countries so it makes sense to me.&nbsp; Does anybody know a reason why I should not do that?&nbsp; And does anybody know how I would go about blocking traffic from those sources?</P><P></P><P>Thanks in advance for the help!</P><P>-Dave</P></BODY></HTML> Thu, 02 Jun 2011 00:02:43 GMT https://live.paloaltonetworks.com/t5/general-topics/blocking-traffic-from-another-country/m-p/47065#M34595 dwoolley 2011-06-02T00:02:43Z https://live.paloaltonetworks.com/t5/general-topics/blocking-traffic-from-another-country/m-p/47066#M34596 <HTML><HEAD></HEAD><BODY><P>Dave</P><P>With PAN-OS for 4.0, the security policies support specifying countries, in the source and destination fields of security policy. That will be the easiest and best option for you to block traffic from certian countries</P><P></P><P>Thank you</P><P>Jerish</P></BODY></HTML> Thu, 02 Jun 2011 00:44:17 GMT https://live.paloaltonetworks.com/t5/general-topics/blocking-traffic-from-another-country/m-p/47066#M34596 jpa 2011-06-02T00:44:17Z https://live.paloaltonetworks.com/t5/general-topics/blocking-traffic-from-another-country/m-p/47067#M34597 <HTML><HEAD></HEAD><BODY><P>Jerish,</P><P></P><P>Thanks for the reply.&nbsp; That's exactly what I'm looking for... I just want to specify a country in the source field of my security policy.&nbsp; I don't see how to add a country though... do I have to manually set up an object or something?&nbsp; I know that IP source country is already defined and tracked somewhere as the Traffic Map under the Monitor tab shows traffic from different countries.&nbsp; Can you point out what I'm missing?</P><P></P><P>Thanks for the help!</P><P>-Dave</P></BODY></HTML> Thu, 02 Jun 2011 22:59:58 GMT https://live.paloaltonetworks.com/t5/general-topics/blocking-traffic-from-another-country/m-p/47067#M34597 dwoolley 2011-06-02T22:59:58Z https://live.paloaltonetworks.com/t5/general-topics/blocking-traffic-from-another-country/m-p/47068#M34598 <HTML><HEAD></HEAD><BODY><P>As long as you are on 4.0.x, you can choose a source country when you add a security rule under the Policies tab.&nbsp; The country list will appear in the drop down menu when you click "Add" under "Source Address" or in the drop down "Name" field under "Regions".</P><P></P><P><IMG alt="countries.png" class="jive-image-thumbnail jive-image" onclick="" src="https://live.paloaltonetworks.com/legacyfs/online/2377_countries.png" width="450" /></P></BODY></HTML> Fri, 03 Jun 2011 17:02:30 GMT https://live.paloaltonetworks.com/t5/general-topics/blocking-traffic-from-another-country/m-p/47068#M34598 nrice 2011-06-03T17:02:30Z https://live.paloaltonetworks.com/t5/general-topics/blocking-traffic-from-another-country/m-p/47069#M34599 <HTML><HEAD></HEAD><BODY><P>Aaaah... got it... thanks!&nbsp; I'm actually on 3.1.5 so that's where I was confused.&nbsp; I'll check it out once we upgrade.</P><P></P><P>Thanks for the help!</P></BODY></HTML> Fri, 03 Jun 2011 17:42:25 GMT https://live.paloaltonetworks.com/t5/general-topics/blocking-traffic-from-another-country/m-p/47069#M34599 dwoolley 2011-06-03T17:42:25Z https://live.paloaltonetworks.com/t5/general-topics/blocking-traffic-from-another-country/m-p/47070#M34600 <HTML><HEAD></HEAD><BODY><P>I am slightly confused. Why would the external country be associated to a source address instead of a destination address? Our rules go from trust to untrust, (trust being internal IPs obviously). Therefore a user (source) hitting a chinese site (destination country block CN) should in theory be blocked but it isn't (IP confirmed to be registered in China).</P><P></P><P>Is the response from a chinese site then considered to be the "source" by PA?</P><P></P><P>Can someone elaborate a bit more on how this rule should work effectively?</P><P></P><P></P><P>To block CN, which would be the rule (or rule combo)?:</P><P></P><P>a) from Trust source (user) to Untrust destination (country block) action Deny? not working</P><P></P><P>or</P><P>b) from trust source (country block) to untrust source (user) action Deny? illogical to trust a blocked country</P><P></P><P></P><P>or</P><P>c) from Untrust source (country block) to Trust destination (user) action Deny?</P><P></P><P>or.....</P><P></P><P>Thanks,</P><P></P><P>Larry</P></BODY></HTML> Tue, 29 May 2012 20:33:35 GMT https://live.paloaltonetworks.com/t5/general-topics/blocking-traffic-from-another-country/m-p/47070#M34600 hvcomputech 2012-05-29T20:33:35Z