How to Block Traffic Based Upon Countries
Created On 09/25/18 19:38 PM - Last Modified 02/17/21 16:40 PM
- It is possible to block the traffic destined to or sourced from an entire country in the Palo Alto Networks firewall.
- This works based on the fact that the PAN-OS performs a Public IP Address to region mapping by probing an internal database.
- This information is updated weekly through content updates and the firewall maintains this in its database.
- PAN-OS 8.1 and above
- Palo Alto Networks Firewall
- Security Policy based on Geo-Location
Region Object Not Working in Security Policy