Use URL filtering and Regional blocks

L0 Member

We block Regions at the moment, so traffic going to Russian IPs is dropped. But let's say that I now need to allow a specific URL to be allowed to Russia. If I make a rule above our block rule that has a custom URL category associated with it and define HTTPS as the service, will that now force layer 7 inspection on all of that traffic? Or was it always getting layer 7 inspected, so it doesn't matter? And do I need to concern myself with any of the URL Category "any" traffic that seems to always be generated?

L2 Linker

This would be difficult to do, since IPs can be blocked through policies but URLs have different IPs coming from. A single URL can be redirected through multiple IPs. If you know the exact IP for the URL, then you can definitely do it by blocking the region in your policy, although having a specific IP allowed in the above policy.

 

Maybe URL allow/block can be better handled through a DNS than the firewall. Firewall would work more on IP blocks from that region.

 

There are still a few docs available on Country blocks below:

https://live.paloaltonetworks.com/t5/blogs/geolocation-and-geoblocking/ba-p/315433

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClJWCA0

 

https://live.paloaltonetworks.com/t5/threat-vulnerability-discussions/block-all-countries-except-two...

 

Hope this helps,

VR



Thanks & Regards,
Varun Rao
Senior Security Engineer, Victoria | Australia | NTT
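
The reply's point that one URL can sit behind several IPs, shown as an added example that is not part of the original posts: a simplified first-match rule model (not PAN-OS syntax) with a pinned-IP allow rule above a region block, audited against DNS answers. The rule names, the hostname's addresses and the region ranges are constructed (RFC 5737 documentation ranges).

```python
import ipaddress

# Constructed data: RFC 5737 documentation ranges stand in for the blocked region.
BLOCKED_REGION = ["203.0.113.0/24", "198.51.100.0/24"]

# Simplified rule base (hypothetical names), evaluated top-down, first match wins.
RULES = [
    ("allow-site-ip", ["203.0.113.10/32"], "allow"),  # pinned exception above the block
    ("block-region", BLOCKED_REGION, "deny"),
    ("default-outbound", ["0.0.0.0/0"], "allow"),
]

# Constructed DNS answers for one hypothetical hostname at three points in time.
DNS_SNAPSHOTS = {
    "day-1": ["203.0.113.10"],
    "day-2": ["203.0.113.10", "203.0.113.77"],  # second address added behind the name
    "day-3": ["198.51.100.5"],                  # site moved to another range entirely
}

def evaluate(dst_ip):
    """Return (rule name, action) of the first rule whose destination matches."""
    ip = ipaddress.ip_address(dst_ip)
    for name, networks, action in RULES:
        if any(ip in ipaddress.ip_network(n) for n in networks):
            return name, action
    return "implicit-deny", "deny"

def audit_exception(snapshots):
    """Map each snapshot to the resolved addresses the pinned exception misses."""
    missed = {}
    for label, ips in snapshots.items():
        missed[label] = [ip for ip in ips if evaluate(ip)[1] == "deny"]
    return missed

if __name__ == "__main__":
    for label, ips in audit_exception(DNS_SNAPSHOTS).items():
        status = "OK" if not ips else "dropped by region block: " + ", ".join(ips)
        print(f"{label}: {status}")
```

Run on a schedule against live resolver output, the same audit flags when a pinned-IP exception has drifted away from what the hostname actually resolves to.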




