08-18-2020 12:03 PM
We block Regions at the moment, so traffic going to Russian IPs are dropped. But lets say that I now need to allow a specific URL to be allowed to Russia. If I make a rule above our block rule that has a custom URL category associated with it and define HTTPS as the service. Will that now force layer 7 inspection on all of that traffic? Or was it always getting layer 7 inspected so it doesn't matter? and do I need to concern myself with any of the URL Category "any" traffic that seems to always be generated.
08-18-2020 07:09 PM
This would be difficult to do, since IPs can be blocked through policies but URLs have different IPs coming from. A single url can be redirected through multiple IPs. If you know the exact IP for the URL then you can definitely do it by blocking the region in your policy although having a specific IP allowed in the above policy.
Maybe url allow/bock can be better handled through a DNS than the firewall. Firewall would work more on IP blocks from that region.
There are still a few docs available on Country blocks below:
https://live.paloaltonetworks.com/t5/blogs/geolocation-and-geoblocking/ba-p/315433
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClJWCA0
Hope this helps,
VR
11-08-2020 10:38 PM
you can block the URL by using FQDN. Create the address object and use give the URLs.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
