Let me start by saying that I am not a firewall expert by any means, but I think the task I have is simple. I want to block all traffic through a PA-500 except for a single conversation between a dedicated machine on each side of the firewall. Is there an easy way to do this? BTW, the IPs are static on both machines.
This should be pretty straightforward... have you looked at our Tech Docs site? Here is a link to working with Security Policies on version 8.1 of PAN-OS; there are links to other generally available versions that should be helpful:
Keep in mind that PAN-OS denies by default, so you would need to be specific to the source/destination details.
It's pretty much the simplest rule you could have. You just need to specify...
If the conversation is only ever started by one machine then
Service any [ or limit it to what you need],
If either can start the conversation then you just add another rule and reverse all the parameters.
But is the firewall running already? Are both networks connected?
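The difference between the one-rule and two-rule cases described above, as a simplified model added here for illustration (it is not code from the thread or from PAN-OS). It assumes first-match rule evaluation, a default deny when nothing matches, and stateful handling of return traffic; the addresses are constructed documentation-range values, and ports, zones and session timeouts are left out.

```python
from dataclasses import dataclass
from ipaddress import ip_address

HOST_A = "192.0.2.10"     # constructed: dedicated machine on one side
HOST_B = "198.51.100.20"  # constructed: dedicated machine on the other side
OTHER = "203.0.113.5"     # constructed: any other host

@dataclass(frozen=True)
class Rule:
    name: str
    source: str
    destination: str
    action: str = "allow"

class Firewall:
    """First matching rule wins; traffic that matches no rule is denied."""
    def __init__(self, rules):
        self.rules = list(rules)
        self.sessions = set()  # (initiator, responder) pairs already allowed

    def handle(self, src, dst):
        src, dst = str(ip_address(src)), str(ip_address(dst))
        # Packets of an already allowed session pass in both directions
        if (src, dst) in self.sessions or (dst, src) in self.sessions:
            return "allow (existing session)"
        for rule in self.rules:
            if rule.source == src and rule.destination == dst:
                if rule.action == "allow":
                    self.sessions.add((src, dst))
                return f"{rule.action} ({rule.name})"
        return "deny (default)"

def one_way():
    # Only HOST_A ever starts the conversation: a single rule is enough
    return Firewall([Rule("a-to-b", HOST_A, HOST_B)])

def two_way():
    # Either side may start: second rule with all parameters reversed
    return Firewall([Rule("a-to-b", HOST_A, HOST_B),
                     Rule("b-to-a", HOST_B, HOST_A)])

if __name__ == "__main__":
    fw = one_way()
    for src, dst in [(HOST_B, HOST_A), (HOST_A, HOST_B),
                     (HOST_B, HOST_A), (OTHER, HOST_B)]:
        print(f"{src} -> {dst}: {fw.handle(src, dst)}")
```

With the single rule, HOST_B can answer HOST_A but cannot open a new conversation itself; the reversed rule is what permits that.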
This is not in service yet. I have it on my desk and I will try your suggestions. I guess I really should have asked if the firewall blocks everything by default in its off-the-shelf configuration, but it looks like it does.
Thanks for the help.