• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1517
  • Last Modified:

Palo alto: FQDN policy based forwarding

Hi.
I need to make a PBF using a FQDN as target. For example to send all the HTTP traffic thru the WAN1, but just the traffic to www.facebook.com thru the WAN2. Can I do that in Paloalto or in other Firewall?

Best
0
ipworkers
Asked:
ipworkers
  • 2
1 Solution
 
Schuyler DorseyCommented:
You can do this in PAN based on FQDN or the app ID.

So it can id the traffic as facebook and route it wherever you define.
0
 
ipworkersAuthor Commented:
Thanks Schuyler.
Can you send me some config screen shots?
As I now, the PaloAlto OS just can identify apps based on IP and the port (L3/4), and can't route based on a FQDN destination. Can you help me to clarify this?

Best
0
 
Schuyler DorseyCommented:
The PANOS does *NOT* identify apps based on IP or port. When identifying an application, it does not care what IP or port is being used. For example, it will identify LDAP traffic regardless of whether it is on port 389 or 34232.

Here is an example rule of a PBF rule which chooses how to route traffic based on the destination being a FQDN object.

fqdn-pbf
You can also route based on application ID. Note you cannot route based on all of the available app IDs in the database but many of them. In this example, I chose ldap.

ldap-pbf
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now