How Palo Alto security roles work



L1 Bithead

Hello Everyone


I want to know about Palo Alto security roles. I describe the problem I have below.


In our system, there are many roles for internet access. All roles are assigned with Active Directory groups.
A user can have one or more internet roles.
For example: one user can have both "low internet" and "social internet", and the URL filter of each one is different.
It used to work with this rule, but now, according to policy role rules, whichever role is higher is the one that works. There is no request for the second role.
Please help me with this. What can I do to make all roles work regardless of their location in the previous order?
For example, when you enter youtube.com, the request should be addressed to the "social-internet", not the "low-internet".

 

Thanks in advance.

1 REPLY

Cyber Elite

Hello,

The firewall reads the policies from top down and left to right. Once it finds a matching policy to the traffic, it applies that policy and stops looking for more. So it's a balancing act as to how to order your policies so that one does not override the others. So for this case, let's say the 'low internet' policy is rule 50 and 'social internet' is 55. If the traffic matches both, it will only use the 'low internet' policy since it's 'higher' in the list. If the traffic only matches the 'social internet' policy, it will apply that policy.

 

Hope that helps.
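The first-match behaviour described in the reply above, as an added example that is not part of the original thread and is not PAN-OS code: a simplified model that evaluates rules top down, shows which rule a user in both groups actually hits, and lists the rules that are shadowed for that user. The group names, URL categories and the treatment of youtube.com as "streaming-media" are constructed assumptions; only the rule numbers 50 and 55 come from the reply.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Rule:
    number: int          # position in the rulebase; lower is evaluated first
    name: str
    group: str           # AD group matched as source user (constructed name)
    allowed: frozenset   # URL categories the rule's URL filter allows (constructed)

def first_match(rules, user_groups):
    """Return the first rule, top down, whose group the user belongs to."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.group in user_groups:
            return rule  # evaluation stops; later rules are never consulted
    return None

def decide(rules, user_groups, url_category):
    """Apply only the first matching rule's URL filter to the request."""
    rule = first_match(rules, user_groups)
    if rule is None:
        return ("deny", None)  # assumption: unmatched traffic is denied in this model
    verdict = "allow" if url_category in rule.allowed else "block"
    return (verdict, rule.name)

def shadowed_for(rules, user_groups):
    """Rules the user's groups match but that this user can never reach."""
    hit = first_match(rules, user_groups)
    return [r.name for r in sorted(rules, key=lambda r: r.number)
            if r.group in user_groups and r is not hit]

# Constructed rulebase: rule numbers 50 and 55 come from the reply above.
LOW = Rule(50, "low internet", "grp-low-internet", frozenset({"business", "news"}))
SOCIAL = Rule(55, "social internet", "grp-social-internet",
              frozenset({"business", "news", "streaming-media"}))
BOTH = {"grp-low-internet", "grp-social-internet"}   # user in both AD groups
REORDERED = [LOW, replace(SOCIAL, number=45)]        # social rule moved above low

if __name__ == "__main__":
    # youtube.com is treated here as category "streaming-media" (assumption)
    print(decide([LOW, SOCIAL], BOTH, "streaming-media"))
    print(shadowed_for([LOW, SOCIAL], BOTH))
    print(decide(REORDERED, BOTH, "streaming-media"))
    print(decide([LOW, SOCIAL], {"grp-social-internet"}, "streaming-media"))
```

Running `shadowed_for` over each user's group memberships is a quick way to audit an exported rulebase for rules that overlapping AD groups make unreachable.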
