This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

New PA Purchase - Rules question and any tips?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

New PA Purchase - Rules question and any tips?

nathan_gilmore
Not applicable

‎10-31-2011 02:29 PM

Recently purchased a PA2020 to replace our Cisco PIX 525.  I'm in the process of auditing our cisco config and recreating it in the PA.

I'm looking for suggestions on how to allow applications inside to outside and outside to inside.

I only have two zones setup.  inside-trust & outside-untrust

Can I just create one rule to allow skype that lists both zones on either side of the rule?

sourcedestination
namezoneaddresszoneaddress
application
rule1

inside-trust

outside-untrust

any

inside-trust

outside-untrust

anyskype

or is it better to have two rules and break it up for inside to outside and outside to inside?



sourcedestination
namezoneaddresszoneaddress
application
rule1

inside-trust

any

outside-untrust

anyskype



sourcedestination
namezoneaddresszoneaddress
application
rule2

outside-untrust

any

inside-trust

anyskype

Either way is fine with me, I'm just looking for best practices or if having both zones listed is a bad idea or even supported.  Also if anyone has done this and found if it is a good idea or bad idea?  Gaming is another example that relates to this question as I work at a university.

Thanks!

0 Likes Likes
2 REPLIES 2

zajilioss
L2 Linker

‎10-31-2011 03:12 PM

better to have two rules.helps in troubleshooting...

UKRB
L3 Networker

‎10-31-2011 05:01 PM

I agree - two rules is much easier to troubleshoot. You can also find yourself shadowing rules quite easily if you combine them. The 'Show Unused Rule' feature is handy to use after a few days as you might fiind some rules you thought were required are completely redundant.

  • 2376 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks