Solved

Palo alto: FQDN policy based forwarding

Posted on 2014-12-15
3
1,029 Views
Last Modified: 2015-01-19
Hi.
I need to make a PBF using a FQDN as target. For example to send all the HTTP traffic thru the WAN1, but just the traffic to www.facebook.com thru the WAN2. Can I do that in Paloalto or in other Firewall?

Best
0
Comment
Question by:ipworkers
  • 2
3 Comments
 
LVL 10

Expert Comment

by:Schuyler Dorsey
ID: 40501453
You can do this in PAN based on FQDN or the app ID.

So it can id the traffic as facebook and route it wherever you define.
0
 

Author Comment

by:ipworkers
ID: 40501721
Thanks Schuyler.
Can you send me some config screen shots?
As I now, the PaloAlto OS just can identify apps based on IP and the port (L3/4), and can't route based on a FQDN destination. Can you help me to clarify this?

Best
0
 
LVL 10

Accepted Solution

by:
Schuyler Dorsey earned 500 total points
ID: 40507180
The PANOS does *NOT* identify apps based on IP or port. When identifying an application, it does not care what IP or port is being used. For example, it will identify LDAP traffic regardless of whether it is on port 389 or 34232.

Here is an example rule of a PBF rule which chooses how to route traffic based on the destination being a FQDN object.

fqdn-pbf
You can also route based on application ID. Note you cannot route based on all of the available app IDs in the database but many of them. In this example, I chose ldap.

ldap-pbf
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

947 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now