- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
11-06-2023 10:09 PM
Hi everyone, I learn the palo alto firewalls as I configure them.
I have a PA firewall with 3 vlans, with management allowed over main vlan.
My ISP provided the Ipv6/48 block and I have manage to redistribute it over the networks it works great. However considering eveyr ipv6 address is routable and I naturally have no NAT means that the devices with 443 etc ports in theory can be reached over the internet. the the management of the firewall as well. I did edit the mgmt profile only allow my local ipv4 networks I guess it will protect the firewall however what about the other hosts like voip phones, plex etc
is there are rule i can pur in place to build some generic protection like source is all - dest is all, all ports - block, I guess this is something Nat does by default (not that it's built for that )
thank you
11-08-2023 07:22 AM
Hi @nevolex ,
If traffic is not specifically allowed or denied by a rule, it will get denied. By default, inter-zone traffic is denied and intra-zone traffic is allowed. If you've configured a wide open security policy before these default policies, I would recommend tightening up your security policies to allow specific source IPs. Here is a Security Policy Rule Best Practices doc that is very insightful.
11-08-2023 07:22 AM
Hi @nevolex ,
If traffic is not specifically allowed or denied by a rule, it will get denied. By default, inter-zone traffic is denied and intra-zone traffic is allowed. If you've configured a wide open security policy before these default policies, I would recommend tightening up your security policies to allow specific source IPs. Here is a Security Policy Rule Best Practices doc that is very insightful.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!