Palo Alto – Geo Blocking



What’s Geo-Blocking?

Geo-Blocking is the practice of blocking or limiting access based on geographic location.

We can block traffic based on the IP address ranges assigned to each country. IP addresses are managed by the Internet Assigned Numbers Authority (IANA), and additional blocks are handed out as demand grows.


Why do we want to block them?

We want to be proactive about cybercrime and malicious content. Cybercrime can range from simple spam all the way to malicious code trying to access data it is not allowed to access. Russia, China, the Netherlands, Australia, and even the US are top countries for hosting malicious domains. We can't block the US, but we can block other High-Risk Countries that could have an impact on our business.


High Risk Countries – uit.stanford.edu
Updated: Feb. 23, 2018

·         Afghanistan
·         Algeria
·         Belarus
·         Burundi
·         Cameroon
·         Central African Republic
·         Chad
·         China, The People's Republic of
·         Colombia
·         Congo, Democratic Republic of the
·         Crimea (Region of Ukraine)
·         Cuba*
·         Egypt
·         El Salvador
·         Eritrea
·         Haiti
·         Honduras
·         Hong Kong
·         Iran*
·         Iraq
·         Israel, the West Bank and Gaza
·         Kenya
·         Korea, Democratic People's Republic of*
·         Lebanon
·         Libya
·         Mali
·         Mauritania
·         Mexico
·         Myanmar
·         Niger
·         Nigeria
·         Pakistan
·         Philippines
·         Russia
·         Saudi Arabia
·         Somalia
·         South Sudan, Republic of
·         Sudan*
·         Syria*
·         Thailand
·         Ukraine
·         Venezuela
·         Yemen
·         Zimbabwe



After you determine which countries you would like to block, you will need to look up the Country Code (CC) for each one so it can be applied on the Palo Alto.
·         Country Code:


In the example below, we will block the following countries:
South Africa = ZA
Taiwan = TW
Russia = RU

Let's get into it:
1.       Create a security rule named “Block Country – Ext to Int”
    a.       And “Block Country – Int to Ext”
2.       For “Block Country – Ext to Int”
    a.       Source : Outside
    b.       Source Address: ZA,TW,RU
3.       Destination Tab:
    a.       Source : Inside
4.       Action Tab:
    a.       Action : DENY
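
The same two rules written as PAN-OS configure-mode CLI commands, as an added example that is not from the original post. It reads step 3 as destination zone Inside and treats the "Int to Ext" rule as the mirror image with the countries as destination. Assumptions: a single-vsys firewall, plain hyphens in the rule names, "any" for every field the post does not set, session-end logging enabled, and both rules moved to the top of the rulebase.

```text
# Lines starting with "#" are annotations for the reader, not commands.
configure

# Inbound: traffic sourced from the listed countries, Outside -> Inside.
# destination/application/service are not set in the post; "any" is assumed.
set rulebase security rules "Block Country - Ext to Int" from Outside to Inside source [ ZA TW RU ] destination any source-user any category any application any service any action deny log-end yes

# Outbound mirror (assumed): internal hosts reaching the listed countries.
set rulebase security rules "Block Country - Int to Ext" from Inside to Outside source any destination [ ZA TW RU ] source-user any category any application any service any action deny log-end yes

# Rules are evaluated top-down, so place both above any allow rule
# that would otherwise match the same traffic first.
move rulebase security rules "Block Country - Ext to Int" top
move rulebase security rules "Block Country - Int to Ext" top

commit
```

With session-end logging on, hits against either rule show up in the traffic log under the rule name, which makes it easy to confirm the block is matching and to spot legitimate traffic caught by it.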


For some added security, I often add Geo-Blocking in both directions. As stated before, we cannot block the US, as this would block legitimate traffic, but we can block High Risk Countries that can pose a threat to our environment.

I hope you enjoy the post

Thank you,

AzNetAdmin

