################
### RULEBASE ###
################
# NOTE: make sure the zone names used below (internal, external) match the zones configured on your firewall; each header's from-zone/to-zone pair is where its terms are rendered in the rulebase
# Outbound filter: terms up to the next header are rendered for the
# internal -> external zone pair.
header {
target:: paloalto from-zone internal to-zone external
}
# ICMP from INTERNAL to the GOOGLE_DNS hosts only.
# NOTE(review): no icmp-type:: qualifier, so this is not limited to echo
# despite the term name; add an icmp-type restriction if only ping is wanted
# (confirm the paloalto generator supports it).
term ping-gdns {
source-address:: INTERNAL
destination-address:: GOOGLE_DNS
protocol:: icmp
action:: accept
}
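# DNS from INTERNAL to the GOOGLE_DNS resolvers.
# DNS lookups are carried over UDP as well as TCP; the original term listed
# tcp only, so ordinary UDP queries were not matched by it. Both protocols
# are listed so the DNS service token applies to each.
term dns-gdns {
source-address:: INTERNAL
destination-address:: GOOGLE_DNS
destination-port:: DNS
protocol:: tcp udp
action:: accept
}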
# TCP from INTERNAL to the WEB_SERVICES ports.
# NOTE(review): no destination-address:: qualifier, so any destination is
# reachable on those ports; this is the only outbound term without one.
term allow-web-outbound {
source-address:: INTERNAL
destination-port:: WEB_SERVICES
protocol:: tcp
action:: accept
}
# Inbound filter: terms below are rendered for the external -> internal
# zone pair. None of them carries a source-address:: or destination-address::
# qualifier, so each accepts from any external host to any internal host;
# these are rendering samples, not a recommended inbound policy.
header {
target:: paloalto from-zone external to-zone internal
}
# All ICMP, any external source to any internal destination (no address or
# icmp-type:: qualifiers). Scope this down before using it outside a sample.
term allow-icmp {
protocol:: icmp
action:: accept
}
# pan-application only: service application-default
# Of the three pan-application variants this is the tightest service match:
# the app is only accepted on its default ports. Still unrestricted by address.
term allow-pan-app-01 {
pan-application:: web-browsing
action:: accept
}
# pan-application + tcp: service any-tcp
# NOTE(review): adding protocol:: tcp without ports widens the service from
# application-default to any-tcp, i.e. web-browsing on any TCP port; prefer
# the application-default form (allow-pan-app-01) unless that is intended.
term allow-pan-app-02 {
pan-application:: web-browsing
protocol:: tcp
action:: accept
}
# pan-application + ports: service custom service objects
# The ssl app is accepted only on the HTTPS and IMAPS service ports; both
# tokens must exist in the service definitions. Still unrestricted by address.
term allow-pan-app-03 {
pan-application:: ssl
protocol:: tcp
destination-port:: HTTPS IMAPS
action:: accept
}