Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- LIVEcommunity
- ›
- About Fraz_Mahmud
About Fraz_Mahmud
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
12-05-2020
4Posts
0Likes
0Solutions
Dec 05, 2020Last Visited
User
Activity
User
Profile
Latest posts by Fraz_Mahmud
| Subject | Views | Posted |
|---|---|---|
| 329 | 11-25-2020 06:32 AM | |
| 331 | 11-25-2020 06:31 AM | |
| 349 | 11-25-2020 06:13 AM | |
| 424 | 11-24-2020 08:01 AM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 1 | |||
| 1 |
User Badges
Public Statistics
| Date Registered | 11-24-2020 07:44 AM |
| Date Last Visited | 12-05-2020 06:16 AM |
| Total Messages Posted | 4 |
11-25-2020
06:32 AM
@MP18 Thanks for the help. I'm not entirely sure this will work reflecting on it? The URL that incoming traffic is received via is DNSd to the AWS classic internet load balancer. So all traffic must come via the load balancer, then traverse the Palo Alto and then be blocked if non-GB. That's why the first rule allows all traffic via the load balancer and i set up the second rule to block all non-GB traffic. I may have misunderstood your suggestion so please feel free to correct me. I am in no way a network/firewall expert so open to all suggestions. It would have been easier if i could have blocked all traffic excluding GB at the load balancer.
... View more
11-25-2020
06:31 AM
@BPry that last response was meant for you. Thanks mate. I keep getting html errors when posting which is quite frustrating.
... View more
11-25-2020
06:13 AM
@BPry Thanks for the info. We've set up a dummy Palo Alto in a test environment with PAN-OS 10 to check out the options. See below. I was hoping I wouldn't have to upgrade the PAN-OS but looks like it may be the only solution. So by enabling the x-forwarded for security policy option, it will be at root level on the PA so may affect other rules. I will have to go through all other rules before making changes. It would have been great if you were able to specify explicit security rules to which the x-forwarded option could be explicitly applied. Are you aware of any breaking changes upgrading from PAN-OS version 8 to 10? Thanks
... View more
11-24-2020
08:01 AM
Hi, I am using Palo Alto (PA) firewalls hosting Software Version: 8.1.17 in AWS and need to configure Geo-Blocking so that only GB (United Kingdom) requests are permitted and all other requests denied. The infrastructure setup is as follows: FQDN => Internet Load Balancer => Palo Alto => Internal Load Balancer => EC2 instance I have set up "security" policy 1 under the "policies" tab with the 2 x source addresses which belong to the subnets attached to the internet load balancer. See below: I then set up a second security policy 2 with only "GB" in the source address and enabled the "negate" option (see below). I then placed policy 2 after policy 1 expecting all traffic other than GB to be blocked. This did not work because traffic permitted in rule 1 is obviously forwarding the load balancer IP and not that of the actual source address of the requestor. There is an x-forwarded for option (see below) but do I simply enable both checkboxes? Is there further configuration change required? Any help would be much appreciated. Thanks.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
12-05-2020
06:16 AM
|
Latest Blogs
Latest Posts
Copyright 2007 - 2021 - Palo Alto Networks
