Help setting up a rule to block all traffic at night


L1 Bithead

OK, I'm new to firewalls in general and I inherited our Palo Alto PA500 with PANOS v5. I'm trying to set up a rule that doesn't let any traffic in or out of the building from 7:00 pm to 7:00 am. Currently my boss has a rule that the last person out unplugs the internet from the LAN. I find this to be ridiculous and insist that we can do something with the firewall and allow access between our servers over night for transfers. So I set up a policy in Policy > Security called Nightly Lockdown that denies anything. Source and destination set to any, and it's run on a schedule I made. I go home, go to logmein and I can log right into our computers. So I then set up specific zones to use; again I can log right in. I even tried to specifically add Logmein to the deny list to no avail. What am I doing wrong? I don't really feel like opening a support case to resolve this. I don't know what else to try though.

1 ACCEPTED SOLUTION

Accepted Solutions

L7 Applicator

Hello Acole,

Could you please segregate the schedule into 2 parts as mentioned below:

[ 19:00-23:59 ]

[ 00:00-07:00 ]

Few related docs:

How to Schedule Policy Actions

How to Create a Schedule that Spans Two Days


A continuous session that was previously initiated during the permit time should not be blocked when the allowed schedule runs out. Only if you enable "rematch sessions" and then commit the configuration will existing sessions be rematched to policy (and blocked in this case if the schedule dictates that action).


[attached screenshot: Policy-rematch.JPG]



Thanks


6 REPLIES 6

L4 Transporter

Hi acole,

Try this: go to the "Device" tab and on the left use "Schedules"; that's where you configure the working time frame of the rule.

[attached screenshot: schedules.PNG]

Then you can use this object under "Options" in the rule.

[attached screenshot: rule.PNG]

Hope that's what you want.

Cheers Klaus

Hi Klaus,

Yeah my schedule seems fine, I am more inclined to say I messed up the Security Policy. The policy has the schedule applied to it. I'm going to try and attach some screenshots.

[attached screenshot: Screenshot (16).png]


HULK wrote:

How to Create a Schedule that Spans Two Days


A continuous session that was previously initiated during the permit time should not be blocked when the allowed schedule runs out. Only if you enable "rematch sessions" and then commit the configuration will existing sessions be rematched to policy (and blocked in this case if the schedule dictates that action).


[attached screenshot: Policy-rematch.JPG]



Thanks

OK, the top part of your post made perfect sense to me; however, you totally lost me on the bottom part (quoted above). I understand that I have to check the Rematch Sessions button, correct? And I have no idea what checking that actually does. If you could clarify that a little bit it would be much appreciated!

Thank you!

Hello Acole,

The schedule of the policy is only applied at the time of session setup. If the schedule says the session can be allowed at the time of setup (for example 18:59), it is allowed. The system does not have a mechanism to go back and kill the same sessions midstream when the schedule expires (after 19:00).

Hence, for testing purposes, you can enable session rematch to confirm all traffic is hitting the desired policy.

Thanks
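To make the two points in this thread concrete (a schedule that crosses midnight must be split into two ranges, and a deny rule's schedule is only consulted at session setup unless session rematch is enabled and committed), here is an added simulation that is not part of the original posts or of PAN-OS itself. It models the behaviour described above; the inclusive range bounds and the rule name "Nightly Lockdown" are assumptions for the example.

```python
from datetime import time

def parse_schedule(ranges):
    """Parse "HH:MM-HH:MM" ranges (as entered in Device > Schedules) into (start, end) tuples.

    A single range such as "19:00-07:00" ends before it starts and cannot be evaluated
    within one day, which is why the thread splits it into 19:00-23:59 and 00:00-07:00.
    """
    parsed = []
    for r in ranges:
        start_s, end_s = r.split("-")
        start = time(*map(int, start_s.split(":")))
        end = time(*map(int, end_s.split(":")))
        if end < start:
            raise ValueError(f"range {r!r} wraps past midnight; split it into two ranges")
        parsed.append((start, end))
    return parsed

def schedule_active(schedule, now):
    """True if `now` (a datetime.time) falls inside any configured range (bounds inclusive; assumed)."""
    return any(start <= now <= end for start, end in schedule)

def session_allowed(schedule, setup_time, now, rematch=False):
    """Decide whether a session survives a scheduled deny rule ("Nightly Lockdown", assumed name).

    Without rematch, only the setup-time verdict counts: a session built at 18:59 keeps
    running after 19:00. With rematch enabled and committed, existing sessions are
    re-evaluated against the policy at the current time as well.
    """
    if schedule_active(schedule, setup_time):
        return False                      # denied at setup; the session never existed
    if rematch and schedule_active(schedule, now):
        return False                      # existing session rematched and now dropped
    return True

if __name__ == "__main__":
    lockdown = parse_schedule(["19:00-23:59", "00:00-07:00"])
    print(session_allowed(lockdown, time(18, 59), time(19, 30)))               # True
    print(session_allowed(lockdown, time(18, 59), time(19, 30), rematch=True)) # False
```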

Ok I think I'm understanding that a bit better. So from what I'm getting, if Logmein is connected to their servers from my PC at 15:00 and it stays connected, when 19:00 rolls around it will still be allowed through. But if session-rematch is checked, the new policy will be applied to currently opened sessions?
