Network technologies and trends

Dec 26 2015   4:31AM GMT

What is Palo Alto Security Policy – Series 1?

Yasir Irfan


Palo Alto firewalls use security policies to either allow or deny access. A security policy comprises a list of security policy rules. Each security policy rule comprises objects such as:

  • Address both source and destination
  • Applications
  • Users
  • Services
  • URL Category
  • Action
  • Profile

PA Security Policy

One can use either all of the objects or only some of them to configure a security policy rule, depending on the purpose of the policy. The Palo Alto firewall takes the configured action only when a session matches all the defined fields of the security policy rule.

Palo Alto Security Policy

The security policy shown above blocks YouTube access only when the session is sourced from the trust zone with the users alldevelopers and yasir and is destined for the untrust zone in an attempt to access YouTube. In that case, the action the Palo Alto firewall takes is to block the YouTube access.

Like any other firewall, Palo Alto Networks firewalls evaluate security policies top down and take an action based on the matching rule. Once a matching rule is found, no further rules are evaluated; otherwise the firewall keeps looking for a match until the last rule has been evaluated. If no match is found, the session is dropped.
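The all-fields matching and top-down evaluation described above, as an added example (not code from the original post or from Palo Alto Networks): a simplified model that also shows how rule order changes the outcome. The rule names, the `allow-outbound` rule, the user `guest` and the `web-browsing` application are constructed for illustration, and group membership is not resolved.

```python
# Added example: simplified model of first-match rule evaluation.
# Rule names, "allow-outbound", "guest" and "web-browsing" are constructed.
from dataclasses import dataclass

ANY = frozenset({"any"})

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                      # "allow" or "deny"
    src_zone: frozenset = ANY
    dst_zone: frozenset = ANY
    users: frozenset = ANY           # a session matches if its user is listed
    apps: frozenset = ANY

    def matches(self, session: dict) -> bool:
        # A rule applies only when every defined field matches the session.
        fields = (("src_zone", self.src_zone), ("dst_zone", self.dst_zone),
                  ("user", self.users), ("app", self.apps))
        return all(allowed == ANY or session[key] in allowed
                   for key, allowed in fields)

def evaluate(rulebase, session):
    """Return (rule name, action) of the first matching rule, top down."""
    for rule in rulebase:
        if rule.matches(session):
            return rule.name, rule.action
    return None, "drop"              # no rule matched: session is dropped

def shadowed(rulebase, session, wanted_rule):
    """True if wanted_rule matches the session but an earlier rule wins."""
    hit, _ = evaluate(rulebase, session)
    return hit != wanted_rule and any(
        r.name == wanted_rule and r.matches(session) for r in rulebase)

block_youtube = Rule("block-youtube", "deny",
                     src_zone=frozenset({"trust"}), dst_zone=frozenset({"untrust"}),
                     users=frozenset({"alldevelopers", "yasir"}),
                     apps=frozenset({"youtube"}))
allow_out = Rule("allow-outbound", "allow",
                 src_zone=frozenset({"trust"}), dst_zone=frozenset({"untrust"}))

yasir_yt = {"src_zone": "trust", "dst_zone": "untrust", "user": "yasir", "app": "youtube"}
guest_yt = dict(yasir_yt, user="guest")
inbound = {"src_zone": "untrust", "dst_zone": "trust", "user": "guest", "app": "web-browsing"}

if __name__ == "__main__":
    for rb in ([block_youtube, allow_out], [allow_out, block_youtube]):
        print([r.name for r in rb], evaluate(rb, yasir_yt), evaluate(rb, guest_yt))
```

With the broad allow rule placed first, the YouTube block rule still matches the session but is never reached, which is the ordering mistake `shadowed()` flags when auditing a rulebase.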

In our next post we will discuss more about Security Policy rules types.
