To configure an allow list on a Palo Alto firewall, you can create a Security policy rule that permits traffic from a specific source (IP address, subnet, or zone) to a specific destination (IP address, subnet, or zone) and a specific service/application.
To do this, please follow these steps:
1. Log in to the Palo Alto firewall web interface.
2. Navigate to POLICIES>Security.

3. Click Add at the bottom to create a new security policy rule.

4. In General, enter Name, Rule Type, Description, Tag, and Group Rules By Tag.

5. In Source, select the Source Zone, for example trust.

6. In Destination, select the Destination Zone, untrust, and also check Any.

7. In Application, add applications or Any.

8. In Service/URL Category, add Services or a URL Category, Outsideweb in our example.

9. In Actions, select what you want to do, for example Action allow.

10. Since we added Outsideweb in Service/URL Category, we need to create it in OBJECTS, or add to it the website you want to allow access to.
1) Navigate to OBJECTS>Custom Objects>URL Category.
2) Click Add if you need to create a new object. If you already have the object, double-click it.

3) Add the website you want to allow to be accessed.
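
An added example, not part of the original page: a Python check to run against an exported XML configuration, confirming that the allow rule built in steps 3 to 10 is actually restricted to the Outsideweb list. The sample configuration, the rule names, the Staging category and the URLs are constructed, and the element layout is assumed to follow the PAN-OS XML export format.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like a PAN-OS XML configuration export (not from the page).
SAMPLE_CONFIG = """<config><devices><entry name="localhost.localdomain"><vsys><entry name="vsys1">
 <profiles><custom-url-category>
  <entry name="Outsideweb"><list><member>www.example.com/</member><member>example.org/</member></list></entry>
  <entry name="Staging"><list/></entry>
 </custom-url-category></profiles>
 <rulebase><security><rules>
  <entry name="Allow-Outsideweb">
   <from><member>trust</member></from><to><member>untrust</member></to>
   <application><member>any</member></application>
   <category><member>Outsideweb</member></category><action>allow</action>
  </entry>
  <entry name="Allow-Staging">
   <from><member>trust</member></from><to><member>untrust</member></to>
   <category><member>Staging</member></category><action>allow</action>
  </entry>
  <entry name="Allow-Web">
   <from><member>trust</member></from><to><member>untrust</member></to>
   <category><member>any</member></category><action>allow</action>
  </entry>
 </rules></security></rulebase>
</entry></vsys></entry></devices></config>"""

def members(node, tag):
    """Return the <member> values under a child element such as <from> or <list>."""
    return [m.text.strip() for m in node.findall(f"{tag}/member") if m.text]

def audit_allow_rules(xml_text, src_zone="trust", dst_zone="untrust"):
    """Map each allow rule between the two zones to (allowed URLs, findings)."""
    root = ET.fromstring(xml_text)
    url_lists = {e.get("name"): members(e, "list")
                 for e in root.findall(".//custom-url-category/entry")}
    report = {}
    for rule in root.findall(".//rulebase/security/rules/entry"):
        if rule.findtext("action") != "allow":
            continue
        if src_zone not in members(rule, "from") or dst_zone not in members(rule, "to"):
            continue
        cats, urls, findings = members(rule, "category"), [], []
        if not cats or "any" in cats:
            findings.append("no URL category restriction; rule is not an allow list")
        for cat in cats:
            if cat in url_lists and not url_lists[cat]:
                findings.append(f"custom URL category {cat!r} has no entries")
            urls += url_lists.get(cat, [])
        report[rule.get("name")] = (urls, findings)
    return report
```

Categories that are not custom objects (for example predefined ones) are left unresolved by this check and contribute no URLs to the report.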
