block interne

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

block interne

L4 Transporter

Hi friends,

How to block internet on our DB servers.

Regards

Satish

1 accepted solution

Accepted Solutions

L7 Applicator

You would create an address group that contains all of the db servers.

then create a deny policy from this group to your internet zone as a block.  Use log on session initiation to see what hits this  rule.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

View solution in original post

4 REPLIES 4

L7 Applicator

You would create an address group that contains all of the db servers.

then create a deny policy from this group to your internet zone as a block.  Use log on session initiation to see what hits this  rule.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

L7 Applicator

Another alternative is to open your Source NAT policy that broadly enables your network to gain internet access, and add the IP Addresses (or the Address Group as Steven Puluka suggested) to the Source Address group. You then check the box underneath that indicates "Negate". This will say: - "Do a Source NAT to enable internal network to gain internet access "except" if the source address is with these source addresses".

The Security Policy alternative mentioned by Steven is a better practice, and it will write access attempts to the traffic logs.

L6 Presenter

Hi satish,

By default In-coming Internet traffic is blocked for any Host behind the firewall. You may want to find out, why its allowed.

That would be a good first troubleshooting step.

Regards,

Hardik shah

Thanks Dud...

  • 1 accepted solution
  • 2765 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!