This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Need help understanding how to setup conditions for Firewalls

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Need help understanding how to setup conditions for Firewalls

TPalo2809
L0 Member

‎11-23-2021 01:00 PM

As it stands m firewall looks at rules in a sequential sense and applies rules in that way. 

meaning if it reaches a Deny it will immediately cancel a packet (which isn't necessarily bad) but it also means if a rule permits a user to do something interferes with another that denies him something - the user will get access to things they shouldn't. 

My question here is can I make rules that follow the logic of "if ___ then ___" instead of the traditional "when__ do___"

0 Likes Likes
2 REPLIES 2

SutareMayur
Cyber Elite
Cyber Elite

‎11-23-2021 11:00 PM

Hi @TPalo2809 ,

 

Yes you can write more granular security policy which will allow only specific traffic request based on the allowed parameters. Now to achieve it, only keeping Source/Dest IP addresses and services based policies won’t help.

You would need to use different features of palo alto firewalls like USER-ID agent, security profiles like URL filtering, Vulnerability/Anti-Spyware profiles, Data Filtering etc. Such Security Profiles helps to allow only specific traffic and also it blocks traffic if any of threat pattern is observed. With USER-ID agent, you can also add user-id based policy where source user will be checked and then it will allow/deny based on the policy action. Palo Alto App-ID helps you to leverage behavioral characteristics and decide to allow/restrict if exact application is not identified.

 

The best thing about all these features is it gets updated automatically on the palo alto update server. We just need to configure our firewall to download the updated version and install same.

 

So by leveraging all such features, you can define strict policy set to achieve your requirement. To get more clarity, you can refer this article.

 

Hope it helps!

 

 

M
0 Likes Likes

Mick_Ball
L7 Applicator

‎11-24-2021 12:20 AM

The policy sequence already kind of does “if then”...  

if match policy 1 then do...   if not then next policy...

 

i would be more granular on your allow as per @SutareMayur  and only allow those intended..

if this is not possible then move your more specific deny policy above the allow...

that is why we have policy numbering and the ability to move them up or down...

 

  • 1704 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks