With the possibility to include external lists from third parties via the “External Dynamic List” (EDL) feature, many options open up to restrict your own security policies even better and to prevent access to the TOR network.

In the following tutorial I will show you how to configure the list of TOR exit nodes, which can be found at as a list of IP addresses.

The list of TOR Exit Nodes and further information can be found here:

As type you should choose the “IP List” selection. This assumes a list with one IP per line. If you look at the provided IP list, this is the case:

2. Download the CA Certificate from the website as.

Since the list is provided via HTTPS, the server presents a certificate, and the Palo Alto firewall must trust the CA certificate that signed this server certificate. This is solved by importing the CA certificate into the firewall. Please use your browser capabilities to display and download the CA certificate.

3. Add the CA certificate to the firewall’s certificate list

After you have downloaded the CA certificate, you can upload it to the firewall’s certificate store.

Device > Certificate Management > Certificates > Add

4. Create a certificate profile and add the Tor_CA certificate

Now that the certificate has been uploaded to the firewall’s certificate store, it can be used in a certificate profile.

Now the certificate profile with the CA certificate can be used in the configuration of the EDL list. Also note the update frequency of the list, in case the list contains new values. The new entries are added automatically with the update, and a Commit is not necessary.

Now everything is prepared, and the EDL list can be inserted in the security policy as a source or destination address object. It makes sense to place a security policy with the action Block at the beginning of your security policies.
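Because new EDL entries take effect without a Commit, it is worth checking a downloaded copy of the feed against the one-IP-per-line assumption before a Block rule consumes it. The following is an added example, not part of the original tutorial and not a PAN-OS tool; the sample feed, the INTERNAL ranges and the function names are constructed for illustration.

```python
import ipaddress

# Internal ranges that should never appear in a third-party block list (assumed set).
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed sample feed (documentation addresses plus deliberately bad lines).
SAMPLE_LIST = """\
198.51.100.7
203.0.113.45
2001:db8::1f
203.0.113.45
10.1.2.3
not-an-ip
198.51.100.0/24

0.0.0.0
"""

def is_risky(ip):
    """True for addresses whose blocking would hit local or internal traffic."""
    return (ip.is_loopback or ip.is_unspecified or ip.is_multicast
            or ip.is_link_local or any(ip in net for net in INTERNAL))

def check_ip_list(text):
    """Sort the lines of a one-IP-per-line feed into four buckets."""
    result = {"valid": [], "malformed": [], "risky": [], "dupes": []}
    seen = set()
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue  # a blank line carries no entry
        try:
            ip = ipaddress.ip_address(line)  # rejects CIDR, ranges, hostnames
        except ValueError:
            result["malformed"].append((no, line))
            continue
        if ip in seen:
            result["dupes"].append((no, line))
        elif is_risky(ip):
            result["risky"].append((no, line))
        else:
            result["valid"].append(str(ip))
        seen.add(ip)
    return result

if __name__ == "__main__":
    for bucket, entries in check_ip_list(SAMPLE_LIST).items():
        print(f"{bucket:9} {entries}")
```

A non-empty `risky` or `malformed` bucket is a reason to hold the list back from the Block rule until the entries have been reviewed.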