Saucepan

User Tools

Site Tools

Trace: dos_protection licence_information firewall_resources firewall-hardware bad_session_end zone_protection url_override useful_security_policies
paloaltonetworks:configuration:useful_security_policies

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
paloaltonetworks:configuration:useful_security_policies [2025/05/26 08:27] – [Block Bad IP] bstaffordpaloaltonetworks:configuration:useful_security_policies [2025/05/26 08:31] (current) – [Block Bad IP] bstafford
Line 448: Line 448:
 Two useful external dynamic address lists to use are IPv6 and IPv4 Bogon lists. Block SZ_Internal -> SZ_External access to these destinations as well as SZ_External -> SZ_Internal access. Remember, the IPV4 list included RFC1918 addresses. Two useful external dynamic address lists to use are IPv6 and IPv4 Bogon lists. Block SZ_Internal -> SZ_External access to these destinations as well as SZ_External -> SZ_Internal access. Remember, the IPV4 list included RFC1918 addresses.
  
-Team Cymru Bogons IPv4 - <code>http://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt<code/>+Team Cymru Bogons IPv4 - <code>http://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt</code>
 IPv4 addresses that should not be routed across the Internet (including RFC1918 private IP addresses). Either reserved IP address space or unassigned and may be used for malicious purposes. More information: http://www.team-cymru.com/bogon-reference.html IPv4 addresses that should not be routed across the Internet (including RFC1918 private IP addresses). Either reserved IP address space or unassigned and may be used for malicious purposes. More information: http://www.team-cymru.com/bogon-reference.html
  
-Team Cymru Bogons IPv6 - <code>http://www.team-cymru.org/Services/Bogons/fullbogons-ipv6.txt<code/>+Team Cymru Bogons IPv6 - <code>http://www.team-cymru.org/Services/Bogons/fullbogons-ipv6.txt</code>
 IPv6 addresses that should not be routed across the Internet. Either reserved IP address space or unassigned and may be used for malicious purposes. More information: http://www.team-cymru.com/bogon-reference.html IPv6 addresses that should not be routed across the Internet. Either reserved IP address space or unassigned and may be used for malicious purposes. More information: http://www.team-cymru.com/bogon-reference.html
  
-Two other IP addresses you can use for DNS sinkholing are ''192.0.0.1/32'' and ''2600:5200::1/128'' in addition to ''sinkhole.paloaltonetworks.com'' which is ''72.5.65.111''.+Two other IP addresses you can use for DNS sinkholing are ''192.0.0.1/32'' and ''2600:5200::1/128'' in addition to ''sinkhole.paloaltonetworks.com'' which was ''72.5.65.111'' but is now (as of 2025), ''198.135.184.22''.
  
 Also block any/any/any access to and from Palo Alto Networks three built in External Dynamic Lists (The third is only available in PAN-OS 9.0+) Also block any/any/any access to and from Palo Alto Networks three built in External Dynamic Lists (The third is only available in PAN-OS 9.0+)
paloaltonetworks/configuration/useful_security_policies.1748248072.txt.gz · Last modified: by bstafford