Threat Prevention - IPS features

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Threat Prevention - IPS features

L2 Linker

Hi, 

 

Can we enable IPS features on a particular sub-interface/zone in Palo alto so that it gets applied to all traffic that enters through that particular sub-interface? 

 

 

From the little reading which i did, i am seeing it as configuring it in security profiles and applying the profile under individual security policy.

 

I particularly ask for a sub-interface because the environment which i am planning to implement IPS will have a single aggregated link thorugh which all VLAN traffic would be sent/received. 

 

I am new to Palo Alto and also to IPS and trying to figure out if there are any features for enabling IPS policies in a particular sub-interface. 

1 accepted solution

Accepted Solutions

L5 Sessionator

If you are referring to Security Profiles, those are only applied at the policy level. This is done so that you can have granular control of which profile is applied to specific traffic.

There are other policies that you can apply at the zone or interface level, Zone Protection Profiles and DoS protection, but those don't serve the same purpose.

View solution in original post

4 REPLIES 4

L5 Sessionator

If you are referring to Security Profiles, those are only applied at the policy level. This is done so that you can have granular control of which profile is applied to specific traffic.

There are other policies that you can apply at the zone or interface level, Zone Protection Profiles and DoS protection, but those don't serve the same purpose.

Cyber Elite
Cyber Elite

@MGRashmi,

By default you will be creating security profiles to allow any traffic to actually pass, which you would then include security profiles to trigger the IPS functions. If you happen to have a large amount of intrazone traffic in your environment where this doesn't necissary stay true you have two options. 

 

1) Override the default intrazone-default policy to deny, and then build out the necissary security rulebase entries to allow this traffic while assigning security profiles to these rules. 

2) If you don't wish to override the default policy to deny, you can still override the profile setting to utilize security profiles on the intrazone-default entry. 

 

 

Thanks for your response. I am now clear with the security profiles vs those that can be applied at zone level. 

Thanks for clarifying regarding the usage of security policy at the intrazone level. 

  • 1 accepted solution
  • 4209 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!