Hi @chipabf,
I used to get those all the time. Here are some of the things I have done:
1. The simplest method is to create an inbound block rule from any countries that don't require inbound access. My solution in steps 2-4 is a little more complicated. It uses a whitelist rather than a blacklist approach. This not only blocks other countries, but also attempts to access ports that are not open.
2. Disable the GP portal login page. Most, if not all, of the attempts are HTTP-based and go away once the web page is disabled. You don't need this page if you are not using it to distribute the client software.
3. Do not use the intrazone-default rule for access to the outside interface. Create a separate rule that allows panos-global-protect and, if configured, ipsec-esp-udp, and source this rule only from your home country. Create other rules for S2S VPNs, BGP, etc. with specific sources. Then all other countries are blocked. (Exceptions can be made if a user goes out of country.)
4. Then create a universal rule that denies access from the outside to any zone. You may break things if #2 is not done completely! Have a backout plan.
That has eliminated the vast majority of attempts. However, I still am getting a few. I have MFA configured for my GP. So, I don't have to figure it out today.
Thanks,
Tom
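
The rule ordering described in the post above can be dry-run before committing the deny rule. This is an added example, not part of the original post and not PAN-OS code: a simplified first-match model in which the rule names, zone names, addresses, the home country "US", the region code "XX" and the sample flows are all constructed assumptions.

```python
import ipaddress

# Constructed rulebase, evaluated top-down, first match wins.
# Rule names, zones, addresses and the home country "US" are assumptions.
RULES = [
    {"name": "allow-gp-home", "from": "outside", "to": "outside", "src": "US",
     "apps": {"panos-global-protect", "ipsec-esp-udp"}, "action": "allow"},
    {"name": "allow-s2s-peer", "from": "outside", "to": "outside", "src": "198.51.100.10/32",
     "apps": {"ike", "ipsec-esp-udp"}, "action": "allow"},
    {"name": "deny-outside-any", "from": "outside", "to": "any", "src": "any",
     "apps": None, "action": "deny"},  # apps None = any application
]

# Constructed flows; "wanted" marks traffic the business depends on.
FLOWS = [
    {"id": "gp-home-user", "from": "outside", "to": "outside", "ip": "203.0.113.5",
     "country": "US", "app": "panos-global-protect", "wanted": True},
    {"id": "gp-foreign-probe", "from": "outside", "to": "outside", "ip": "192.0.2.77",
     "country": "XX", "app": "panos-global-protect", "wanted": False},
    {"id": "s2s-peer", "from": "outside", "to": "outside", "ip": "198.51.100.10",
     "country": "US", "app": "ike", "wanted": True},
    {"id": "bgp-peer", "from": "outside", "to": "outside", "ip": "198.51.100.20",
     "country": "US", "app": "bgp", "wanted": True},  # no specific allow rule yet
]

def src_matches(src, flow):
    if src == "any":
        return True
    if "/" in src:  # CIDR source
        return ipaddress.ip_address(flow["ip"]) in ipaddress.ip_network(src)
    return flow["country"] == src  # region code source

def evaluate(rules, flow):
    """Return (rule name, action) of the first rule matching the flow."""
    for r in rules:
        if (r["from"] == flow["from"] and r["to"] in ("any", flow["to"])
                and src_matches(r["src"], flow)
                and (r["apps"] is None or flow["app"] in r["apps"])):
            return r["name"], r["action"]
    # No match: fall through to the built-in default rules.
    return ("intrazone-default", "allow") if flow["from"] == flow["to"] else ("interzone-default", "deny")

def broken_flows(rules, flows):
    """Wanted flows the rulebase would drop because a specific allow rule is missing."""
    return [f["id"] for f in flows if f["wanted"] and evaluate(rules, f)[1] == "deny"]

if __name__ == "__main__":
    for f in FLOWS:
        print(f["id"], *evaluate(RULES, f))
    print("would break:", broken_flows(RULES, FLOWS))
```

Here the BGP peer has no specific allow rule, so the final deny drops it, which is the breakage the post warns about. Without the deny rule, the foreign probe falls through to intrazone-default and is allowed.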