Upgraded my NGFW

Since my last blog post I’ve upgraded by Palo Alto NGFW to the latest PAN-OS release which is 9.0 I also got an evaluation license from them to test the advanced features of the firewall. The license also allows me to see all the log entries as well, which is great for troubleshooting any issues I have with the firewall when enabling the different features.

I have the firewall setup to allow traffic from the 10.1.1.0/24 network (inside-zone) to the internet (outside-zone), the 10.1.1.0 network is also NAT’d to my local LAN address of 192.168.1.0/24 otherwise traffic wouldn’t flow as the 10 network is a private address range, I know the 192.168.0.0 network is also a private address range but my home router is setup to also NAT that range to the public IP address I get from my ISP.

One of the first features I am going to add to my security policy is URL filtering. Company policy is to block all web email for example http://www.gmail.com and http://www.outlook.com

URL FILTERING

I am going to add URL Filtering to the security policy that will block web email sites I’m also going to enable Response Pages so when an end user tries to get to a web email site they will get a message saying that it’s against company policy.

I’m first going to go to http://www.gmail.com and show that I can successfully browse to that site, and as you can see below I can. I am doing this from the PC on the inside network with an IP address of 10.1.1.15.

gmail

The first thing I am going to do is enable the response page. To do that go to Device>>Response Pages.

ResponsePages

Once under Device and Response Pages click on the Application Block Page which is currently set to Disable and then tick the box to Enable Application Block Page and click on OK.

Now end users will get a page displaying the reason they were blocked from connecting to sites that I mark as blocked under URL Filtering. So lets set up some URL Filtering now. To do that go to Objects>>URL Filtering.

URLFiltering

There is a default policy already configured which I can edit but I am going to create my own one and name it No Web Email. I’ll first tick the box beside the default policy and clone it. This will create a new policy called default-1 click on it to edit it.

urlwebfiltering

Under my new policy I have named it No Web Email and then I did a search to find we-based-email, here you need to change the Site Access from allow to block and also do the same under User Credential Submission and change that to block. Click on Ok.

Now its time to update the security policy and add the URL Filtering profile I just created. So under Policies>>Security I just clicked on the security policy called ‘inside to out’.

updatesecpolicy

Click on the Action tab and under ‘Profile Setting’ select Profiles as the Profile Type and under URL Filtering select the newly created profile called No Web Email and click on ok. All I have to do now is commit the configuration changes and test to see if this works !

webemailblock

It is working, I’m unable to get to the different web based email services. You can also check this under Monitor>>URL Filtering.

urlfilteringlogs

As you can see mail.google.com has been blocked as well as outlook.com

Any questions leave a comment below.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s