11-23-2024 07:10 PM
We recently migrated to the Palo Alto Firewalls. I am looking for best practice/recommendations on how to properly order firewall rules. We have all our block rules first (geoblocking, malicious sites, specific apps, etc) up top. But what about the rest?
Is it supposed to be more defined rules (specific ip to ip) up top? Do general application rules go towards the bottom (ex: any source to any destination using netflix)?
My thought is to put all the specific rules on top and leave the general/more open ones towards the bottom.
This would go for all sections:
Shared (overall) Pre-Rules blocks and specific rules
Shared (overall) Post-Rules more generic open rules/apps
Specific FWs (pre rules) - more specific for site rules and apps
Specific FWs (post rules) - more generic open rules/apps
Is there a better way?
11-25-2024 12:13 PM
Hello,
There are many methods to organizing policies and sometimes its gets very complicated. I do something similar to what you have except I dont use Panorama:
Sometimes it wont work out depending on the logic, top down left to right. Best is to check and see if you already have a policy in place or if you need a new one. Here is a default base config I created with some of this in mind, block first, allow windows updates, then maybe more specific etc. Check the logs to ensure the proper policy is getting used when testing out the traffic.
Regards,
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
