Negate please

Showing results for 
Search instead for 
Did you mean: 

Negate please

L3 Networker

I am running PanOS 4.1.7, migrating from a Checkpoint R75 platform.   I have a lot of rules in place, but we are heavy into excpetions.  I keep running into situations that would be very easy to handle if I simply had the Negate option.

For example, I have a rule that allows domain users out to specific web apps using my URL filtering, along with data filtering, and other policies in a single rule.

I have around 20 of these rules based on AD user group.

Below these rules, I block access to the Internet.  If someone fires up a non domain VMware guest and uses a bridged connection, they basically get no Internet access.

At the top and then in the middle of these rules, I have application filters blocking apps such as proxy, DNS, video, audio, etc.   The location is based on which users can use these apps.

The problem is I need to block things like http-audo and http-video, yet exclude specific sites from this blocking for everyone. 

Life would be a lot easier if I could block using an application filter, while negating my URL custom category of "white listed sites."    Or if I could create a rule that blocks by application filter to all users while negating a specific AD user group.

I know how to make this work with 4.1.7, I just really would love to see more Negate options in future releases.


L5 Sessionator

Feedback of this nature is very important to us.  Your feedback is what allows us deliver a stronger product.  Have you discussed submitting feature requests of this nature with your Palo Alto Networks SE or Account Team?

To be honost, I'm not sure how to do this.  I have Palo Alto Networks support through a 3rd party.  Is there a formal feature request document, or do I just pass it on through my 3rd party support?

Thank you.

Please open a ticket with your 3rd party support. The 3rd party will make a feature request will with concerned sales team..

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!