Palo Alto Networks Knowledgebase: How to Create a Security Policy to Block Selective Flash
Created On 02/07/19 23:36 PM - Last Updated 02/07/19 23:36 PM
This document describes how to write a Security Policy that blocks Adobe Flash by default while allowing Flash on certain websites. Note: This will work unless the domain uses a dynamic IP address.
Create address objects for example.com and example.org. Go to Objects > Address and add the addresses. For each address object, select type FQDN and enter the domain:
Note: If example.com matches three dynamic IPs, refresh the FQDN accordingly (by default it refreshes every 30 minutes).
Create an Address Group. Go to Objects > Address Group and add the address objects for example.com and example.org.
Go to Policies > Security to create a Security Policy that includes the newly created address group in the Destination Address. Include "Flash" as the application, and then set the action to "allow". Place this Security Policy at the top.
Under the Security Policy above, create another Security Policy denying "Flash". It is important that this be the second rule from the top, so that it blocks all other access to Flash.
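The following is an added example, not part of the original article and not Palo Alto Networks code: a simplified Python model of top-down, first-match rule evaluation with FQDN address objects. It shows why the allow rule must sit above the deny rule and what the dynamic-IP caveat means between refreshes. The rule names Allow-Flash and Block-Flash, the IP addresses and the timestamps are constructed for illustration, and every session evaluated is assumed to be Flash traffic.

```python
from dataclasses import dataclass, field

FQDN_REFRESH_SECONDS = 30 * 60  # default refresh interval noted in the article

@dataclass
class FqdnObject:
    fqdn: str
    cached_ips: set = field(default_factory=set)
    last_refresh: float = float("-inf")

    def refresh_if_due(self, now, dns):
        # Matching uses the cached IPs, so a DNS change is invisible until the next refresh.
        if now - self.last_refresh >= FQDN_REFRESH_SECONDS:
            self.cached_ips = set(dns.get(self.fqdn, ()))
            self.last_refresh = now

@dataclass
class Rule:
    name: str                  # hypothetical rule name
    action: str
    destinations: list = None  # None models destination "any"

def evaluate(rules, dst_ip, now, dns):
    """Return (rule name, action) of the first rule matching a Flash session to dst_ip."""
    for rule in rules:
        if rule.destinations is None:
            return rule.name, rule.action
        for obj in rule.destinations:
            obj.refresh_if_due(now, dns)
            if dst_ip in obj.cached_ips:
                return rule.name, rule.action
    return "no-match", None

def demo():
    dns = {"example.com": ["192.0.2.10"], "example.org": ["198.51.100.20"]}  # constructed
    rules = [Rule("Allow-Flash", "allow", [FqdnObject("example.com"), FqdnObject("example.org")]),
             Rule("Block-Flash", "deny")]
    out = [evaluate(rules, "192.0.2.10", 0, dns),    # allowed site
           evaluate(rules, "203.0.113.5", 60, dns)]  # any other site
    dns["example.com"] = ["192.0.2.99"]              # site moves to a new IP
    out.append(evaluate(rules, "192.0.2.99", 600, dns))   # cache stale: new IP hits the deny rule
    out.append(evaluate(rules, "192.0.2.10", 600, dns))   # cache stale: old IP still allowed
    out.append(evaluate(rules, "192.0.2.99", 1800, dns))  # refreshed: new IP allowed
    out.append(evaluate(rules[::-1], "192.0.2.99", 1800, dns))  # deny rule on top shadows the allow
    return out

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Until the FQDN object refreshes, the old address stays allowed and the new one is denied, so review the rule hit counts and the refresh interval when an allowed site changes hosting.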