Palo Alto Networks Knowledgebase: How to Schedule Policy Actions

How to Schedule Policy Actions

13043
Created On 02/07/19 23:36 PM - Last Updated 02/07/19 23:36 PM
Policy
Resolution

Overview

Policies can be set to perform configured actions on session traffic at scheduled times and days.

 

Steps

  1. On the WebGUI, go to Objects > Schedules then click Add. Choose daily, weekly or non-recurring. To select multiple days during the week, choose weekly, day of week, start time, end time, then add.
    User-added image

    On the CLI:
    > configure
    # set schedule schedule-block-youtube recurring daily 09:00-18:00
     
  2. On the WebGUI go to Policies > Security > Security Policy Rule >  Schedule > Actions.
    User-added image

    On the CLI:
    > config
    # set rulebase security rules block-youtube from L3-Trust to L3-Untrust source any destination any application youtube schedule schedule-block-youtube service any log-end yes action deny
     
  3. Continue adding each day until the list is complete.
  4. Commit the change.

Note: Sessions begun before the scheduled start time are not affected by the policy if session rematch is not enabled (Device > Setup > Session) AND a manual commit is made.

Commit MUST be ran manually via “commit force” from the CLI, or by adding/modifying something in the policy in order to have the option to commit via the WebGUI.

 

See Also

How to Create a Schedule that Spans Two Days

 

owner: panagent



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CmAxCAK&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language