Block all traffic but a single IP Address


L0 Member

Let me start by saying that I am not a firewall expert by any means but I think the task I have is simple. I want to block all traffic through a PA-500 except for a single conversation between a dedicated machine on each side of the firewall. Is there an easy way to do this? BTW the IPs are static on both machines.

Thanks


3 REPLIES

L3 Networker

This should be pretty straightforward... have you looked at our Tech Docs site? Here is a link to working with Security Policies on version 8.1 of PAN-OS; there are links to other generally available versions, which should be helpful:

https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/policy/security-policy.html

Keep in mind that PAN-OS denies by default, so you would need to be specific to the source/destination details.

L4 Transporter

It's pretty much the simplest rule you could have. You just need to specify...

If the conversation is only ever started by one machine then

Source Zone,
Source IP,
Dest Zone,
Dest IP,
Service any [or limit it to what you need],
Action allow,

If either can start the conversation then you just add another rule and reverse all the parameters.

But is the firewall running already? Are both networks connected?
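
The one-rule versus two-rule distinction in the answer above, as an added example that is not part of the original post and is not PAN-OS code: a simplified Python model of a stateful, first-match zone policy with a default deny between zones. The zone names, addresses and ports are constructed, and the two machines are assumed to sit in different zones.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:  # the fields listed in the answer; Service is "any" in this model
    name: str
    src_zone: str
    src_ip: str
    dst_zone: str
    dst_ip: str
    action: str = "allow"

@dataclass(frozen=True)
class Packet:
    src_zone: str
    src_ip: str
    sport: int
    dst_zone: str
    dst_ip: str
    dport: int

class Firewall:
    def __init__(self, rules):
        self.rules = list(rules)
        self.sessions = set()  # both directions of every allowed flow

    def handle(self, p):
        flow = (p.src_ip, p.sport, p.dst_ip, p.dport)
        if flow in self.sessions:  # established session: no rule lookup
            return "allow (session)"
        for r in self.rules:  # first matching rule wins
            if (r.src_zone, r.src_ip, r.dst_zone, r.dst_ip) == (
                    p.src_zone, p.src_ip, p.dst_zone, p.dst_ip):
                if r.action == "allow":
                    reply = (p.dst_ip, p.dport, p.src_ip, p.sport)
                    self.sessions.update({flow, reply})
                return f"{r.action} ({r.name})"
        return "deny (default)"  # nothing matched between the zones

A, B = "192.0.2.10", "198.51.100.20"  # constructed addresses
A_TO_B = Rule("a-to-b", "inside", A, "outside", B)
B_TO_A = Rule("b-to-a", "outside", B, "inside", A)  # parameters reversed

def demo(rules):
    fw = Firewall(rules)
    return [
        fw.handle(Packet("inside", A, 50000, "outside", B, 443)),  # A opens
        fw.handle(Packet("outside", B, 443, "inside", A, 50000)),  # B replies
        fw.handle(Packet("outside", B, 51000, "inside", A, 22)),   # B opens
        fw.handle(Packet("inside", "192.0.2.99", 50001, "outside", B, 443)),
    ]
```

With only `A_TO_B`, B's replies pass on the existing session but a connection opened by B is denied; adding `B_TO_A` allows it, and any other host is still denied in both cases.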

This is not in service yet. I have it on my desk and I will try your suggestions. I guess I really should have asked if the firewall blocks everything by default in its off the shelf configuration but it looks like it does.

Thanks for the help.
