Blocking external IP addresses and blacklists


L0 Member

Hi,

 

I have some questions regarding the PAN-OS and blocking IP addresses. 

 

We are getting daily emails with lists of IPs that are port scanning and probing the FW. The customer wants all these addresses blocked. For example over the last 2 weeks I have around 60 addresses to add. At the minute the process is to add each IP under Objects > Addresses and then add the address object into an address group object that blocks these addresses.

 

Is there a better way of doing this? I have found an article on External Dynamic Lists and using an internal web server which looks like a good option.

 

The other question I have is when I put these addresses into a blacklist checker most of them come up on external blacklists. Is there a way of using these blacklists to block the traffic instead of keeping our own list?

 

Thanks in advance,

Luke
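
An added example (not part of the original post, and not Palo Alto Networks code): one way to turn the daily scan-report emails into a text file that an External Dynamic List can fetch from an internal web server, instead of creating address objects by hand. It assumes a one-entry-per-line list of IPs or CIDR subnets; the sample report, the `NEVER_BLOCK` contents and the function names are hypothetical.

```python
import ipaddress
import os
import re
import tempfile

# Constructed sample report (documentation-range addresses, not thread data).
SAMPLE_REPORT = """\
Port scan from 203.0.113.7 (22/tcp, 3389/tcp)
Probe from 203.0.113.6 against 443/tcp, again from 203.0.113.7.
Probe from 198.51.100.24.
Reported by our own scanner: 10.1.2.3, 198.51.100.200
Malformed entry: 300.1.1.1
"""

# Dotted quad that is not embedded in a longer number or dotted string.
IPV4_TOKEN = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?!\d|\.\d)")

# Networks that must never be blocked: RFC 1918, loopback, and a
# hypothetical partner monitoring host (assumption, adjust per site).
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "198.51.100.200/32",
)]


def build_edl_entries(report_text, never_block=NEVER_BLOCK):
    """Return sorted, de-duplicated list entries extracted from report_text."""
    hosts = set()
    for token in IPV4_TOKEN.findall(report_text):
        try:
            addr = ipaddress.IPv4Address(token)
        except ValueError:
            continue  # out-of-range octets such as 300.1.1.1
        if any(addr in net for net in never_block):
            continue  # never block our own or allowlisted addresses
        hosts.add(ipaddress.ip_network(f"{addr}/32"))
    # Merge only exactly adjacent hosts, so nothing unlisted gets blocked.
    merged = ipaddress.collapse_addresses(hosts)
    return [str(n.network_address) if n.prefixlen == 32 else str(n)
            for n in merged]


def publish_edl(entries, path):
    """Write the list atomically so a fetch never sees a partial file."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w") as fh:
        fh.write("\n".join(entries) + "\n")
    os.chmod(tmp, 0o644)  # mkstemp creates 0600; the web server must read it
    os.replace(tmp, path)
```

For the sample report, `build_edl_entries(SAMPLE_REPORT)` yields `198.51.100.24` and `203.0.113.6/31`; `publish_edl` would then be pointed at a file under the internal web server's document root.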

11 REPLIES

L2 Linker

Question: what PAN-OS version are you using? I'm on 8.0.x and it has a built-in External Block List that you can add to your Security rules.

L1 Bithead

This will show you how to blacklist IP addresses automatically and place them in a firewall rule automatically.

 

https://www.smartcloudcomputing.net/2021/02/22/how-to-automatically-blacklist-an-attackers-ip-on-pal...

@ OtakarKlier

I am Access Denied to both of those links.

 

Hello,

I would say just go with the several built-in lists. Stay with more behavioral-based approaches along with a secure DNS provider.

 

https://live.paloaltonetworks.com/t5/learning-articles/working-with-external-block-list-ebl-formats-...

 

Regards,

RGPT-asmith_0-1617981732986.png

 

A bit frustrating when looking for help and all the links come up like this.  Including this latest one.

Agreed. Hope you got the info you needed.

Have you tried MineMeld?

unfortunately - those links don't work anymore, so there is no point in trying to see them...


Please mark helpful responses, so others know as well

so I did the next best thing and googled it...

 

https://www.google.com/search?q=how-to-automatically-blacklist-an-attackers-ip-on-palo-alto&rlz=1C1G...

 Thank you for the likes 🙂


Please mark helpful responses, so others know as well
  • 22001 Views
  • 11 replies
  • 0 Likes