Palo Alto Networks Knowledgebase: How to Create a Security Policy to Block Selective Flash

How to Create a Security Policy to Block Selective Flash

Created On 02/07/19 23:36 PM - Last Updated 02/07/19 23:36 PM


This document describes how to write a Security Policy to block Adobe Flash by default, but allowing Flash on certain websites.
Note: This will work unless the domain uses a dynamic IP address. 



  1. Create address objects for and
    Go to Objects > Address and add the addresses. For each address object, select type FQDN and enter the domain:
    User-added image
    User-added image
    Note: If matches three dynamic IPs, then refresh the FQDN (default every 30 mins) accordingly.
  2. Create an Address Group.
    Go to Objects > Address Group and add the address objects for and
    User-added image
    User-added image
  3. Go to Policies > Security to create a Security Policy that includes the newly created address groups in the Destination Address. Include "Flash" as the application, and then set the action to "allow". Place this Security Policy at the top.
    User-added image
  4. Under the Security Policy above, create another Security Policy denying "Flash". It is important this needs to be the second rule from the top to block all other access to Flash.
    User-added image


owner: pchanda

  • Print
  • Copy Link

Choose Language