03-21-2014 06:06 AM
OK, I'm new to firewalls in general and I inherited our Palo Alto PA500 with PANOS v5. I'm trying to set up a rule that doesn't let any traffic in or out of the building from 7:00 pm to 7:00 am. Currently my boss has a rule that the last person out unplugs the internet from the LAN. I find this to be ridiculous and insist that we can do something with the firewall and allow access between our servers overnight for transfers. So I set up a policy in Policy > Security called Nightly Lockdown that denies anything. Source and destination are set to any and it's run on a schedule I made. I go home, go to LogMeIn and I can log right into our computers. So I then set up specific zones to use; again I can log right in. I even tried to specifically add LogMeIn to the deny list to no avail. What am I doing wrong? I don't really feel like opening a support case to resolve this. I don't know what else to try though.
03-21-2014 07:23 AM
Hi acole,
Try this: go to the "Device" tab and on the left use "Schedules"; that's where you configure the working time frame of the rule.
Then you can use this object under "Options" in the rule.
Hope that's what you want.
Cheers Klaus
03-21-2014 07:31 AM
Hi Klaus,
Yeah, my schedule seems fine; I am more inclined to say I messed up the Security Policy. The policy has the schedule applied to it. I'm going to try and attach some screenshots.
03-21-2014 07:37 AM
Hello Acole,
Could you please segregate the schedule into 2 parts as mentioned below:
[ 19:00-23:59 ]
[ 00:00-07:00 ]
A few related docs:
How to Schedule Policy Actions
How to Create a Schedule that Spans Two Days
A continuous session that was previously initiated during the permit time should not be blocked when the allowed schedule runs out. Only if you enable "rematch sessions" and then commit the configuration would existing sessions be rematched to policy (and blocked in this case if the schedule dictates that action).
Thanks
03-21-2014 07:52 AM
HULK wrote:
How to Create a Schedule that Spans Two Days
A continuous session that was previously initiated during the permit time should not be blocked when the allowed schedule runs out. Only if you enable "rematch sessions" and then commit the configuration would existing sessions be rematched to policy (and blocked in this case if the schedule dictates that action).
Thanks
OK, the top part of your post made perfect sense to me... however, you totally lost me on the bottom part (quoted above). I understand that I have to check the Rematch Sessions button, correct? And I have no idea what checking that actually does. If you could clarify that a little bit it would be much appreciated!
Thank you!
03-21-2014 08:03 AM
Hello Acole,
The schedule of the policy is only applied at the time of session setup. If the schedule says the session can be allowed at the time of setup (for example 18:59), it is allowed. The system does not have a mechanism to go back and kill the same sessions midstream when the schedule expires (after 19:00).
Hence, for testing purposes, you can enable session rematch to confirm all traffic is hitting the desired policy.
Thanks
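The behaviour described in this answer (policy evaluated once at session setup, existing sessions surviving the schedule boundary unless rematch is enabled, and the lockdown window split into two same-day ranges) can be modelled in a few lines. The following is an added illustration, not PAN-OS code and not from any poster in this thread; the `Firewall` class, the `build_schedule`/`schedule_active` helpers and the rule that a single range may not span midnight are assumptions made for the model.

```python
from dataclasses import dataclass, field
from datetime import time

# Constructed model, not the firewall's own logic. A schedule is a list of
# (start, end) wall-clock ranges. Assumption: a range whose end precedes its
# start is rejected, which is why 19:00-07:00 has to be split into
# 19:00-23:59 and 00:00-07:00, as suggested in the thread.


def parse_range(text):
    """Parse 'HH:MM-HH:MM' into a (time, time) tuple, rejecting wrap-around."""
    start_s, end_s = text.split("-")
    start, end = time.fromisoformat(start_s), time.fromisoformat(end_s)
    if end < start:
        raise ValueError(f"range {text!r} spans midnight; split it into two ranges")
    return (start, end)


def build_schedule(ranges):
    return [parse_range(r) for r in ranges]


def schedule_active(schedule, now):
    """True when 'now' falls inside any range of the schedule (bounds inclusive)."""
    return any(start <= now <= end for start, end in schedule)


@dataclass
class Firewall:
    lockdown: list                      # schedule attached to the deny rule
    rematch_sessions: bool = False      # the "rematch sessions" setting
    sessions: dict = field(default_factory=dict)   # session name -> setup time

    def rule_action(self, now):
        """The scheduled deny rule only matches while its schedule is active;
        otherwise a (hypothetical) catch-all allow rule below it wins."""
        return "deny" if schedule_active(self.lockdown, now) else "allow"

    def new_session(self, name, now):
        """Policy lookup happens once, at session setup."""
        action = self.rule_action(now)
        if action == "allow":
            self.sessions[name] = now
        return action

    def clock_tick(self, now):
        """Time passes. Established sessions keep flowing across the schedule
        boundary unless rematch is on, in which case each one is re-evaluated
        against policy and dropped if the deny rule now matches."""
        if not self.rematch_sessions:
            return []
        dropped = [n for n in self.sessions if self.rule_action(now) == "deny"]
        for name in dropped:
            del self.sessions[name]
        return dropped


def run_scenario(rematch):
    """Reproduce the thread's case: a remote-access session set up at 15:00,
    the clock passing 19:00, then a brand-new session attempt at 19:30."""
    fw = Firewall(lockdown=build_schedule(["19:00-23:59", "00:00-07:00"]),
                  rematch_sessions=rematch)
    setup = fw.new_session("remote-access", time(15, 0))
    dropped = fw.clock_tick(time(19, 30))
    late = fw.new_session("late-attempt", time(19, 30))
    return {"setup": setup, "dropped": dropped, "late": late,
            "still_open": sorted(fw.sessions)}


if __name__ == "__main__":
    print("without rematch:", run_scenario(rematch=False))
    print("with rematch:   ", run_scenario(rematch=True))
```

Without rematch the 15:00 session survives the 19:00 boundary even though a new session at 19:30 is denied, which is exactly the symptom in the original post; with rematch enabled the existing session is re-evaluated and dropped. Note that with the two ranges above the instant between 23:59:00 and 00:00:00 is not covered, so a session set up in that second would be allowed under this inclusive-bounds model.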
03-21-2014 08:49 AM
OK, I think I'm understanding that a bit better. So from what I'm getting, if LogMeIn is connected to their servers from my PC at 15:00 and it stays connected, when 19:00 rolls around it will still be allowed through. But if session rematch is checked, the new policy will be applied to currently open sessions?