Explicit Proxy provides you with special Address
Objects, Address Groups, and External Dynamic Lists (EDLs) to restrict
access to Explicit Proxy to specific source IP addresses. When you
create one or more of these special objects using the following
exact names, Explicit Proxy allows the source IP addresses you specify
and blocks any other IP addresses:
Address Object—Select in the
Explicit_Proxy_Device_Group and create an object named Palo Alto
Networks Explicit Proxy Allowed Source Address.
Address Group—Select in the Explicit_Proxy_Device_Group
and create an object named Palo Alto Networks Explicit Proxy
Allowed Source Address Group.
External Dynamic List (EDL)—Select in
the Explicit_Proxy_Device_Group and create an EDL named Palo
Alto Networks Explicit Proxy Allowed Source List, and create
an EDL with a type of IP List.
You can specify
IP addresses such as egress IP addresses of branch offices.
Using
wildcards (such as *.*) to skip Explicit Proxy authentication for
a large number of domains is not permitted unless you restrict your
source traffic to specific source IP addresses using one of these special
objects.
Use Address Objects, Address Groups, or EDLs separately
or jointly; for example, you could create only an Address Group
without creating an Address Object or EDL.