Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
08-21-2023 10:03 PM
hi everyone,
We have a PBF Rule allow all internal users to internet via our ISP1.
And I want to create another PBF rule on top of the above PBF rule to allow Instagram application traffic towards ISP2?
I look through the below KB but it is not doable:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Clq1CAC
So i want to check if anyone have other alternative on this? Please advise!
08-21-2023 10:12 PM
Routing decision needs to be made based on first packet in session.
As first packet in session is SYN that don't include URL you cannot configure PBF based on URLs.
You could set create FQDN address object for instagram.com (and any other domains related to Instagram) and set PBF by placing those FQDNs into destination IP field.
08-21-2023 10:17 PM
are we able to create a willcard domain for instagram? Or we really need to create all the domain related to instagram?
08-21-2023 10:24 PM
You can't use wildcard as Palo needs to resolve those domains to IP address so taking this route you need to add every domain.
08-23-2023 03:00 AM
Hello LeoLion,
If you have SDWAN license on the firewall, you can set up some sdwan rules.
So you can set some rules on app-id.
Olivier
PCSNE - CISSP
Best Effort contributor
Check out our PANCast Channel
Disclaimer : All messages are my personal ones and do not represent my company's view in any way.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
