Network Security
Cloud Managed
Block or allow traffic based on IP addresses or URLs in an external dynamic list, or
use a dynamic domain list with a DNS sinkhole to prevent access to malicious domains.
Tips for enforcing policy with external dynamic lists:
- Search for a domain, IP address, or URL that belongs to one or more external dynamic lists used in policy. This is useful for determining which external dynamic list (referenced in a Security rule) is causing a certain domain, IP address, or URL to be blocked or allowed.
- Use an External Dynamic List of Type URL as Match Criteria in a Security Rule.
  - Select Manage > Configuration > NGFW and Prisma Access > Security Services > Security Policy.
  - Select Add Rule and enter a descriptive Name for the rule.
  - In SOURCE, select a Zone.
  - In DESTINATION, select a Zone.
  - In URL CATEGORY / TENANT RESTRICTION, select the appropriate external dynamic list from the URL Category list.
  - In Actions, set the Action setting to Allow or Deny.
  - Select Save.
  - Verify whether entries in the external dynamic list were ignored or skipped.
  - Test that the policy action is enforced.
    - View External Dynamic List Entries for the URL list, and attempt to access a URL from the list.
    - Verify that the action you defined is enforced.
    - Monitor activity. Select Incidents & Alerts > Log Viewer > Firewall/URL to access the detailed log view.
- Use an IP External Dynamic List or Predefined IP External Dynamic List as a Source or Destination Address Object in a Security Rule. This capability is useful if you deploy new servers and want to allow access to the newly deployed servers without requiring a commit.
  - Select Manage > Configuration > NGFW and Prisma Access > Security Services > Security Policy.
  - Select Add Rule and give the rule a descriptive Name.
  - In SOURCE and DESTINATION, set the external dynamic list to be used as the SOURCE and DESTINATION addresses.
  - In APPLICATION / SERVICE, make sure the Service is set to Application Default.
  - In Actions, set the Action setting to Allow or Deny. Create separate external dynamic lists if you want to specify allow and deny actions for specific IP addresses.
  - Leave all the other options at the default values.
  - Select Save to save the changes.
  - Test that the policy action is enforced.
    - View External Dynamic List Entries for the external dynamic list, and attempt to access an IP address from the list.
    - Verify that the action you defined is enforced.
    - Select Incidents & Alerts > Log Viewer > Firewall/Traffic and view the log entry for the session.
- Use a Predefined URL External Dynamic List to exclude benign domains that applications use for background traffic from Authentication policy. When you select the panw-auth-portal-exclude-list EDL type, you can easily exclude from Authentication policy enforcement the domains that many applications use for background traffic, such as updates and other trusted services. This ensures that the necessary traffic for these services is not blocked and application maintenance is not interrupted.
  - Select Manage > Configuration > NGFW and Prisma Access > Identity Services > Authentication > Authentication Rules > Add Rule.
  - In Services and URLs, select the Predefined URL EDL as the URL Category.
  - In Action, select Do Not Authenticate.
  - Select Save.
  - Move the rule to the top so that it's the first rule in the policy.
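The first procedure asks you to verify whether entries in the list were ignored or skipped before relying on the rule; the checker below is an added example, not part of this documentation or the product, that classifies each line of an IP, URL or domain list as accepted or skipped so malformed entries can be fixed at the source. The sample lists are constructed, and the entry grammars are simplified assumptions rather than the firewall's exact parsing rules.

```python
import ipaddress
import re
IP_LIST = """# constructed sample IP EDL
10.0.0.5
192.168.20.0/24
192.168.30.1-192.168.30.50
300.1.1.1
not-an-ip
"""
URL_LIST = """# constructed sample URL EDL
www.example.com/
example.net/downloads/*
*.example.org
http://bad scheme with space
"""
DOMAIN_LIST = """# constructed sample domain EDL
malicious.example.com
exa mple.com
"""
# Simplified entry grammars (an assumption, not the firewall's exact parsing rules).
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)(\*\.)?([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)
URL_RE = re.compile(r"^[a-z0-9*.^_-]+(?::\d{1,5})?(?:/\S*)?$", re.I)

def entry_accepted(entry, list_type):
    """True if the entry is well-formed for the given EDL type ("ip", "url", "domain")."""
    if list_type == "url":
        return bool(URL_RE.match(entry))
    if list_type == "domain":
        return bool(DOMAIN_RE.match(entry))
    try:  # "ip": a single address, a CIDR block, or a lo-hi range
        if "-" in entry:  # range: both ends must parse and share an IP version
            lo, hi = (ipaddress.ip_address(p) for p in entry.split("-", 1))
            return lo.version == hi.version and lo <= hi
        ipaddress.ip_network(entry, strict=False)  # a bare address parses as /32 or /128
        return True
    except ValueError:
        return False

def check_edl(text, list_type):
    """Return (accepted, skipped); skipped holds (line_no, entry) pairs the rule would not enforce."""
    accepted, skipped = [], []
    for n, raw in enumerate(text.splitlines(), start=1):
        entry = raw.strip()
        if not entry or entry.startswith("#"):  # blank lines and comments are not entries
            continue
        if entry_accepted(entry, list_type):
            accepted.append(entry)
        else:
            skipped.append((n, entry))
    return accepted, skipped
```

Run it against the file you host at the EDL source URL before the rule is committed; every skipped line is an address, URL or domain the rule would silently not match.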