Solved

Palo alto: FQDN policy based forwarding

Posted on 2014-12-15
3
1,277 Views
Last Modified: 2015-01-19
Hi.
I need to make a PBF using a FQDN as target. For example to send all the HTTP traffic thru the WAN1, but just the traffic to www.facebook.com thru the WAN2. Can I do that in Paloalto or in other Firewall?

Best
0
Comment
Question by:ipworkers
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 10

Expert Comment

by:Schuyler Dorsey
ID: 40501453
You can do this in PAN based on FQDN or the app ID.

So it can id the traffic as facebook and route it wherever you define.
0
 

Author Comment

by:ipworkers
ID: 40501721
Thanks Schuyler.
Can you send me some config screen shots?
As I now, the PaloAlto OS just can identify apps based on IP and the port (L3/4), and can't route based on a FQDN destination. Can you help me to clarify this?

Best
0
 
LVL 10

Accepted Solution

by:
Schuyler Dorsey earned 500 total points
ID: 40507180
The PANOS does *NOT* identify apps based on IP or port. When identifying an application, it does not care what IP or port is being used. For example, it will identify LDAP traffic regardless of whether it is on port 389 or 34232.

Here is an example rule of a PBF rule which chooses how to route traffic based on the destination being a FQDN object.

fqdn-pbf
You can also route based on application ID. Note you cannot route based on all of the available app IDs in the database but many of them. In this example, I chose ldap.

ldap-pbf
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Ready to improve network connectivity? Watch this webinar to learn how SD-WANs and a one-click instant connect tool can boost provisions, deployment, and management of your cloud connection.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses
Course of the Month8 days, 5 hours left to enroll

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question