All things Palo Alto Networks
Implicit rule will allow (intrazone is allow by default) so you want to create a second rule that blocks all other connections
thank you so much. now I need to allow global protect VPN to access some of the counties and want to block the rest of the countries, so I will create a policy allowing them to access the VPN by inserting source counties then action set to allow, I want to block rest of the countries. here is my question, should I create a second policy and keep source country as all and action set to deny or implicitly deny will work here
Hi Hulk Bulk!
This can be achieved by creating a security rule that uses "regions" in the source. Create a rule from untrust to untrust, add the regions you do not want to the source, set applications to ssl, ipsec and Ike ( or 'any') and set the action to drop
I have Palo Alto with 9.1.X version ,I would like to know how to block the countres for accessing global protect VPN , for example country code ML something like