Guest Wifi is done via Aruba networks, so all traffic is run through the controller. In the past we have used the stateful firewall which we can configure separately for each SSID, which works fine... but since we are separating our guest wifi into a separate IP range, we use the Palo Alto to configure different filtering rules, antivirus policies, etc for the traffic running on that IP range (i.e. the guest wifi) traffic. This works very well... What I was specifically ask about is this. Right now, we are using the aruba firewall to do port blocking on the guest wifi to limit certain applications. This is obviously difficult and inefficient. What we would LIKE to do is the following. Take all traffic traveling over the guest wifi network and apply application filtering (just like we already do for url filtering, antivirus, etc) The question... what is the best way to provide application filtering to this traffic? Setup a rule that blocks each application individually? Set up a rule with several applications in it as blocked? Is there a better way to filter (block all peer-to-peer for example) without having to setup each and every application individually?
... View more
We are relatively new to Palo Alto detailed configs, although we have used url filtering, av filtering, etc for some time. We want to start doing a better job blocking at the application level on our guest wifi, especially in the areas of peer-to-peer, etc. Are there some basic guidelines or configuration guides on how to get started. Baseline I suppose.
... View more