Palo Alto Networks Knowledgebase: How to Configure a Security Policy to Use a Region

How to Configure a Security Policy to Use a Region

7793
Created On 02/07/19 23:55 PM - Last Updated 02/07/19 23:56 PM
Policy
Resolution

Overview

This document describes how to create a security policy to use a region instead of using an IP address. This can be done in both source address and destination address fields. Traffic can be blocked or allowed based on the region's name mentioned on the security policy.

Steps

Create a policy and add the source or destination address to the policy.

  1. Navigate to Policies > Security.
  2. Click Add to bring up the Security Policy Rule dialog.
  3. Under the Source (or Destination) tab, add the address by clicking Add and click regions to select a country.
    source address.JPG
  4. Select either pre-defined region or custom region, as shown below
    • Pre-defined region
      Select a region. After selecting a region, additional IP addresses can be added by clicking on Add.
      country.JPG
      Selected country.JPG
      added.JPG
    • Custom region
      Enter a Name and click "Add" to add IP addresses, as desired. The following screenshot shows the region name as "ABC" and the associated IP address as 10.50.240.63:
      custom region.JPG
      The custom region appears under the "Address" area. In this example, the region was configured for the Source section of the security policy:
      custom sec2.JPG

owner: sbabu



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClJWCA0&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language