Traffic Thourhg the intended Security Rule

cancel
Showing results for 
Search instead for 
Did you mean: 
Palo Alto Networks Approved
Palo Alto Networks Approved
Community Expert Verified
Community Expert Verified

Traffic Thourhg the intended Security Rule

L1 Bithead

Hello,

 

I have configured a new Security Rule on top (#9 in the picture down) to Block traffic intended to a Custom URL configured in the profile  Block_Files

* TOP RULE *

  • Source Zone:                     any
  • Source Address:              any
  • Destination Zone:            any
  • Destination Address:      any

 

* NEXT RULE *

  • Source Zone:                   Trust
  • Source Address:              10.10.10.10
  • Destination Zone:            Internet
  • Destination Address:      any

 

 

 

But the problem when I try to connect to the Custom URL defined in  Block_Files  the request goes through the next Security Rule set for 10.10.10.10, i.e., although the traffic or URL is matching the Custom URL defined in Block_Files, but it does not go through nor blocked by the Security Rule on top!!

 

Is the above Rule valid/correct

 

Thank you ...

 

1 ACCEPTED SOLUTION

Accepted Solutions

Community Team Member

Hi @mshamsan ,

 

There is no picture ?

How have you setup the rules exactly (applications, ports, services, etc... ) ? How is the traffic identified ?

 

Cheers,

-Kiwi.

 

 
LIVEcommunity team member, CISSP
Cheers,
Kiwi
Don't forget to hit that Like button if a post is helpful to you!

View solution in original post

3 REPLIES 3

Community Team Member

Hi @mshamsan ,

 

There is no picture ?

How have you setup the rules exactly (applications, ports, services, etc... ) ? How is the traffic identified ?

 

Cheers,

-Kiwi.

 

 
LIVEcommunity team member, CISSP
Cheers,
Kiwi
Don't forget to hit that Like button if a post is helpful to you!

Cyber Elite
Cyber Elite

@mshamsan,

In addition to what @kiwi has already asked, if you setup a URL-Filtering profile with all categories set to "alert" (or just setup your custom category with the alert action) you'll be able to look at your URL logs to see how the firewall is categorizing the traffic. 

Hi Kiwi,

  Thank you ..

 

Actually, I have setup/added an application under Applications tab, to the same, so since I am not using this application to connect to the internet, then the conditions were never met, i.e., the traffic was not matching this rule and the traffic was intercepted by next rule!

 

Now everything is fine, after removing the Application and kept the URL Profile.

 

 

Thank you ...

 

 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!