09-01-2012 07:05 AM
Environment:
- There is a web server that resides on DMZA. Two application URIs, www.url.com/service_1 and www.url.com/service_2, have been configured on this web server.
- The DMZA is protected by PAN in vwire mode.
Can PAN fulfill the following requirement? If yes, could you please let me know the configuration?
- www.url.com/service_1 can be accessed from the Internet without limitation.
- www.url.com/service_2 can only be accessed from the Internet if the source IP is x.x.x.x
Thanks a lot.
09-01-2012 12:23 PM
Hello John,
You can create a Custom-Application based on the URI path.
Here is documentation explaining things.
https://live.paloaltonetworks.com/docs/DOC-2015
-Ameya
09-02-2012 10:28 AM
If I'm not mistaken you can do this in 3 different ways in a PA device:
1) Setup a custom URL-category which you attach to each rule (rule1 will allow srcip:any to access service1 and rule2 will only allow srcip:x.x.x.x to access service2).
2) Setup a custom APP-ID that will be identified when each service url is being used.
3) Setup a custom IPS signature to trigger if the request doesn't match, and use this custom IPS signature only for the two rules above.
You could of course also combine the methods mentioned above.
The good part with using method 2 above (as an example) is that your reports will have these requests as their own line (appid:service1 and appid:service2) - the bad part is that you probably have other files on your webserver which each service will use (let's say background pictures or such using /pics as uri or so) and in those cases you will need to look at several appids to find out for example how much traffic each service uses.
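
The rule logic of method 1 in the reply above, as an added example that is not part of the thread and is not PAN-OS configuration: a small Python model of top-down, first-match policy evaluation with a default deny. The category names, the segment-boundary prefix match and the address 203.0.113.10 (a constructed stand-in for x.x.x.x) are assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed stand-in for the thread's "x.x.x.x" (documentation address range).
TRUSTED_SRC = "203.0.113.10/32"

# Hypothetical custom URL categories: name -> (host, path prefix).
URL_CATEGORIES = {
    "service1": ("www.url.com", "/service_1"),
    "service2": ("www.url.com", "/service_2"),
}

# Ordered rules: evaluated top-down, first match wins, unmatched traffic is denied.
RULES = [
    {"name": "rule1", "src": "0.0.0.0/0", "category": "service1", "action": "allow"},
    {"name": "rule2", "src": TRUSTED_SRC, "category": "service2", "action": "allow"},
]


def in_category(url, category):
    """True if the URL's host and path fall inside the named category."""
    host, prefix = URL_CATEGORIES[category]
    parts = urlsplit(url if "//" in url else "//" + url)
    path = parts.path or "/"
    # Match on a path-segment boundary so /service_10 is not treated as /service_1.
    on_prefix = path == prefix or path.startswith(prefix + "/")
    return parts.hostname == host and on_prefix


def evaluate(src_ip, url):
    """Return (rule name, action) for one request; the default is deny."""
    addr = ipaddress.ip_address(src_ip)
    for rule in RULES:
        src_ok = addr in ipaddress.ip_network(rule["src"])
        if src_ok and in_category(url, rule["category"]):
            return rule["name"], rule["action"]
    return "default", "deny"


if __name__ == "__main__":
    # Constructed sample requests: (source IP, URL).
    for src, url in [
        ("198.51.100.7", "www.url.com/service_1/login"),
        ("198.51.100.7", "www.url.com/service_2/admin"),
        ("203.0.113.10", "www.url.com/service_2/admin"),
        ("198.51.100.7", "www.url.com/pics/bg.png"),
    ]:
        print(src, url, evaluate(src, url))
```

In this model a request for a shared asset such as /pics/bg.png matches neither category and falls to the default deny, so shared paths need their own category or rule.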