12-26-2018 06:14 AM
Hi,
Can we enable IPS features on a particular sub-interface/zone in Palo Alto so that it gets applied to all traffic that enters through that particular sub-interface?
From the little reading which I did, I am seeing it as configuring it in security profiles and applying the profile under individual security policy.
I particularly ask for a sub-interface because the environment in which I am planning to implement IPS will have a single aggregated link through which all VLAN traffic would be sent/received.
I am new to Palo Alto and also to IPS and trying to figure out if there are any features for enabling IPS policies in a particular sub-interface.
12-26-2018 05:04 PM
If you are referring to Security Profiles, those are only applied at the policy level. This is done so that you can have granular control of which profile is applied to specific traffic.
There are other policies that you can apply at the zone or interface level, Zone Protection Profiles and DoS protection, but those don't serve the same purpose.
12-27-2018 09:32 AM
By default you will be creating security profiles to allow any traffic to actually pass, to which you would then attach security profiles to trigger the IPS functions. If you happen to have a large amount of intrazone traffic in your environment where this doesn't necessarily stay true, you have two options.
1) Override the default intrazone-default policy to deny, and then build out the necessary security rulebase entries to allow this traffic while assigning security profiles to these rules.
2) If you don't wish to override the default policy to deny, you can still override the profile setting to utilize security profiles on the intrazone-default entry.
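Because profiles are attached per rule rather than per interface, IPS coverage has to be verified rule by rule, and the implicit intrazone-default rule is the one most often forgotten. The script below is an added example, not from this thread or from Palo Alto's own tooling: it audits a constructed, simplified rulebase export (not the real PAN-OS export format) for allow rules that carry neither a Vulnerability Protection profile nor a profile group, and it goes slightly beyond the thread by also reporting an overall coverage ratio.

```python
# Added example (not from the thread or Palo Alto): audit a rulebase so that every
# rule that allows traffic carries a Vulnerability Protection (IPS) profile,
# including the implicit intrazone-default rule discussed above.
# The rule records below are constructed sample data in a simplified shape,
# not PAN-OS's actual export format.

from dataclasses import dataclass, field


@dataclass
class SecurityRule:
    name: str
    from_zone: str
    to_zone: str
    action: str                                    # "allow" or "deny"
    profiles: dict = field(default_factory=dict)   # e.g. {"vulnerability": "strict"}
    profile_group: str = ""                        # name of a profile group, if any


# Constructed sample rulebase. The two default rules mirror PAN-OS defaults:
# intrazone-default allows with no profile, interzone-default denies.
SAMPLE_RULES = [
    SecurityRule("users-to-dmz", "users", "dmz", "allow", {"vulnerability": "strict"}),
    SecurityRule("users-to-internet", "users", "untrust", "allow", profile_group="default-grp"),
    SecurityRule("mgmt-to-servers", "mgmt", "servers", "allow"),      # no IPS profile
    SecurityRule("intrazone-default", "any", "same-zone", "allow"),   # default, no profile
    SecurityRule("interzone-default", "any", "any", "deny"),
]


def rules_missing_ips(rules, required="vulnerability"):
    """Return names of allow rules with neither the required profile nor a profile group.

    A profile group is assumed to contain an IPS profile; check group contents
    separately, since a group can be defined without one.
    """
    missing = []
    for rule in rules:
        if rule.action != "allow":
            continue  # denied traffic is never inspected, nothing to check
        if rule.profile_group or required in rule.profiles:
            continue
        missing.append(rule.name)
    return missing


def coverage_ratio(rules, required="vulnerability"):
    """Fraction of allow rules that carry IPS coverage (1.0 means fully covered)."""
    allowing = [r for r in rules if r.action == "allow"]
    if not allowing:
        return 1.0
    return 1 - len(rules_missing_ips(allowing, required)) / len(allowing)


if __name__ == "__main__":
    for name in rules_missing_ips(SAMPLE_RULES):
        print(f"allow rule without IPS profile: {name}")
    print(f"coverage: {coverage_ratio(SAMPLE_RULES):.0%}")
```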
12-27-2018 11:23 PM
Thanks for your response. I am now clear with the security profiles vs those that can be applied at zone level.
12-27-2018 11:24 PM
Thanks for clarifying regarding the usage of security policy at the intrazone level.