06-01-2011 05:02 PM
We have an Extranet server which sits on our DMZ... http and https are allowed through the firewall so that outside users can access the web app on that server. My server admin asked me if I can block all inbound traffic from China and Taiwan as he gets a ton of hack attempts coming from those countries. Our web app doesn't serve anybody in those countries so it makes sense to me. Does anybody know a reason why I should not do that? And does anybody know how I would go about blocking traffic from those sources?
Thanks in advance for the help!
06-01-2011 05:44 PM
With PAN-OS for 4.0, the security policies support specifying countries, in the source and destination fields of security policy. That will be the easiest and best option for you to block traffic from certian countries
06-02-2011 03:59 PM
Thanks for the reply. That's exactly what I'm looking for... I just want to specify a country in the source field of my security policy. I don't see how to add a country though... do I have to manually set up an object or something? I know that IP source country is already defined and tracked somewhere as the Traffic Map under the Monitor tab shows traffic from different countries. Can you point out what I'm missing?
Thanks for the help!
06-03-2011 10:02 AM
As long as you are on 4.0.x, you can choose a source country when you add a security rule under the Policies tab. The country list will appear in the drop down menu when you click "Add" under "Source Address" or in the drop down "Name" field under "Regions".
06-03-2011 10:42 AM
Aaaah... got it... thanks! I'm actually on 3.1.5 so that's where I was confused. I'll check it out once we upgrade.
Thanks for the help!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!