02-04-2025 06:37 AM - edited 02-04-2025 06:55 AM
Hi!
Been trying the Embargo Rule for Geo Location restrictions in for Global Protect in Prisma Cloud. This works prefect to exclude the countries you do not want logins from.
What I would like to know is if someone been able to use similar rules to add EDLs or Palo Alto Built in EDLs in the same type of rule. I cannot find any information on a solution, but some finding suggested it should work.
An even better way would be to be able to add a Dynamic Group to the rule dropping every attempt by non-authorized users. Or users with a domain prefix. All bad attempts on my GP are by single names like "Adminp", "john" and " user1".
This is part of my work to minimize bad login attempts in Global Protect. We use SAML and 2factor authentication so it's not that I am concerned about. It just looks bad and would be in Palo Alto's interest to minimize the insane number of logins in Prisma Access.
Br
Jonas
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
