Configure a Filter Access List

Configure a filter access list to filter network routes based on source and destination IP addresses.
Contact your account team to enable Cloud Management for NGFWs using Strata Cloud Manager.
Configure a filter access list to filter network routes based on IPv4 source addresses and destination addresses. For an IPv4 access list, source and destination addresses can be specified by an address and wildcard mask to express a range of addresses. An access list can be applied to routing profiles to, for example, easily and consistently apply settings that control such things as route acceptance into the RIB, route advertisements to peers, conditional advertisements, setting attributes, route aggregation, and route redistribution.
An access list can have multiple rules. Routes are evaluated against the rules in sequential order. When a route matches a rule, the deny or permit action occurs and the route isn’t evaluated against subsequent rules.
An access list isn’t for filtering user traffic or for providing security.
  1. Log in to Strata Cloud Manager.
  2. Select Manage > Configuration > NGFW and Prisma Access > Device Settings > Routing > Profiles > Filters and select the Configuration Scope where you want to configure an access list.
    You can select a folder or firewall from your Folders or select Snippets to configure an access list in a snippet.
  3. Add Filters Access List.
  4. Enter a Name for the access list.
    The name must start with an alphanumeric character, underscore (_), or hyphen (-), and can contain a combination of alphanumeric characters, underscore, or hyphen. No dot (.) or space is supported.
  5. Add IPv4 entry.
  6. Configure the IPv4 access list rule.
    1. Enter the Seq (sequence) number that sets this rule's position among the rules in the access list.
      Range is 1 to 65,535.
      Leave unused numbers between sequence numbers so you can insert additional rules faster.
    2. Select the Action.
      Default is Deny.
    3. Specify the Source Address.
      You can select None (default), Any, or Address.
      (Address only) If you select Address, enter the IPv4 Address and Wildcard mask to indicate a range. A zero (0) in the mask indicates that a bit must match the corresponding bit in the address; a one (1) in the mask indicates a "don't care" bit.
    4. Specify the Destination Address.
      You can select None (default), Any, or Address.
      (Address only) If you select Address, enter the IPv4 Address and Wildcard mask to indicate a range. A zero (0) in the mask indicates that a bit must match the corresponding bit in the address; a one (1) in the mask indicates a "don't care" bit.
    5. Add.
  7. Save.
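
The following Python sketch is an added example, not Palo Alto Networks code. It models the wildcard-mask bit rule and the first-match evaluation order described above, so you can check which rule a given address would hit before you commit a list. It assumes a single Source Address field per rule; the None option and the Destination Address field are not modeled, and the names Rule, wildcard_match and evaluate are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

def wildcard_match(candidate, address, wildcard):
    """True if candidate equals address on every bit where the wildcard has a 0."""
    cand = int(ipaddress.IPv4Address(candidate))
    addr = int(ipaddress.IPv4Address(address))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF  # 1 = bit must match
    return (cand & care) == (addr & care)

@dataclass(frozen=True)
class Rule:
    seq: int                 # 1 to 65,535
    source: object           # "any" or an (address, wildcard) tuple
    action: str = "deny"     # Deny is the default action

    def __post_init__(self):
        if not 1 <= self.seq <= 65535:
            raise ValueError(f"seq {self.seq} is outside 1-65535")
        if self.action not in ("permit", "deny"):
            raise ValueError(f"unknown action {self.action!r}")

def evaluate(rules, source_address):
    """Return (seq, action) of the first rule that matches, else None.

    Rules are tried in ascending seq order and evaluation stops at the first
    match. The page does not say what happens when nothing matches, so that
    case is reported as None rather than guessed.
    """
    for rule in sorted(rules, key=lambda r: r.seq):
        if rule.source == "any" or wildcard_match(source_address, *rule.source):
            return rule.seq, rule.action
    return None

# Constructed sample list, deliberately entered out of order.
RULES = [
    Rule(seq=20, source=("10.1.0.0", "0.0.255.255"), action="permit"),
    Rule(seq=10, source=("10.1.4.0", "0.0.0.255")),   # default action: deny
]

if __name__ == "__main__":
    for addr in ("10.1.4.77", "10.1.9.1", "172.16.0.1"):
        print(addr, evaluate(RULES, addr))
```

With the sample list, 10.1.4.77 stops at the narrower deny rule (Seq 10) and never reaches the broader permit at Seq 20, which is why the more specific rule needs the lower sequence number.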