Network Security
Policy Object: Regions
Define regions to apply policy to specified countries or locations. Applying policy based
on region is a great way to control traffic between branch offices.
Enhance your security posture by limiting exposure to potential threats from
high-risk regions, bolster your defense against malicious activities such as
cyberattacks or data breaches, and comply with regulatory frameworks that mandate
restricted or monitored access to and from specific geographic areas.
In today's interconnected world, you might sometimes face distinct security
challenges that vary based on the regions from which network traffic originates. The
Region policy object provides a fine-grained control
mechanism that aligns security measures with specific geographic regions or
countries.
Use Region to define rules and restrictions based on the
geographic source of traffic, enabling a more tailored approach to network security.
This may include allowing or denying traffic from certain countries, regions, or
continents based on your security requirements and regulatory compliance
obligations.
Region is available as an option when specifying source and
destination for security rules, decryption security rules, and DoS security rules.
You can choose from a standard list of countries or use the region settings described in
this section to define custom regions to include as options for Security rules.
Keep reading to learn how to add geographical regions for applying
policy.
Add a Region
Add a Region (Strata Cloud Manager)
Regions, along with Addresses and Address Groups, allow you to group specific
source or destination addresses that require the same policy enforcement. The
address object can include an IPv4 or IPv6 address (single IP, range, subnet), an IP
wildcard address (IPv4 address/wildcard mask), or an FQDN. Alternatively, you can
define a region by its latitude and longitude coordinates, or you can select a country
and define an IP address or IP range. You can then group a collection of address
objects to create an address group object. You can also use dynamic
address groups to dynamically update IP addresses in environments where
host IP addresses change frequently.
Here, we're going to show you how to use Regions to get better
control over the flow of traffic between your branches. Follow these steps to
specify a geographical region to apply policy to.
- Go to Manage > Configuration > NGFW and Prisma Access > Objects > Address > Regions.
- Select Add Region to add a new region to apply policy to.
- Configure the settings in this table:

  Region Settings | Description |
  ---|---|
  Name | Select a name that describes the region. This name appears in the address list when defining security rules. Type text into this field to narrow down the standard list of countries to choose from. |
  Geo Location | To specify latitude and longitude, select this option and specify the values (xxx.xxxxxx format). This information is used in the traffic and threat maps for App-Scope. |
  Addresses | Using any of the following formats, specify an IP address, range of IP addresses, or subnet to identify the region: x.x.x.x, x.x.x.x-y.y.y.y, x.x.x.x/n |
- Save your configuration.
Add a Region (PAN-OS & Panorama)
Here, we're going to show you how to use Regions to get better
control over the flow of traffic between your branches. Follow these steps to
specify a geographical region to apply policy to.
- Go to Objects > Regions.
- Select Add to add a new region to apply policy to.
- Configure the settings in this table:

  Region Settings | Description |
  ---|---|
  Name | Select a name that describes the region. This name appears in the address list when defining security rules. Type text into this field to narrow down the standard list of countries to choose from. |
  Geo Location | To specify latitude and longitude, select this option and specify the values (xxx.xxxxxx format). This information is used in the traffic and threat maps for App-Scope. |
  Addresses | Using any of the following formats, specify an IP address, range of IP addresses, or subnet to identify the region: x.x.x.x, x.x.x.x-y.y.y.y, x.x.x.x/n |
- Select OK to save your configuration.
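
The following is an added example, not part of the product documentation: a pre-check for the list you intend to enter in the Addresses field of a custom region, in either procedure above. It parses the three formats the table lists, rejects malformed entries, flags entries that overlap, and tests whether a given IP falls inside the region. The function names, the IPv4-only scope, the strict subnet check, and the sample list are assumptions made for this example.

```python
import ipaddress

def parse_region_entry(entry):
    """Expand one Addresses entry into the IPv4 networks it covers."""
    entry = entry.strip()
    if "-" in entry:                          # x.x.x.x-y.y.y.y
        first_s, last_s = entry.split("-", 1)
        first = ipaddress.IPv4Address(first_s.strip())
        last = ipaddress.IPv4Address(last_s.strip())
        if first > last:
            raise ValueError("range start is above range end")
        return list(ipaddress.summarize_address_range(first, last))
    if "/" in entry:                          # x.x.x.x/n
        # strict=True is this script's choice: host bits set in a subnet
        # (for example 10.1.2.3/16) usually means a typo.
        return [ipaddress.IPv4Network(entry, strict=True)]
    return [ipaddress.IPv4Network(entry + "/32")]   # x.x.x.x

def check_region(entries):
    """Return (networks, rejected, overlaps) for a list of entries."""
    networks, rejected = [], []
    for entry in entries:
        try:
            networks += [(net, entry) for net in parse_region_entry(entry)]
        except ValueError as exc:
            rejected.append((entry, str(exc)))
    # Pairs of distinct entries whose address space intersects.
    overlaps = sorted({
        (a_src, b_src)
        for i, (a, a_src) in enumerate(networks)
        for b, b_src in networks[i + 1:]
        if a_src != b_src and a.overlaps(b)
    })
    return networks, rejected, overlaps

def in_region(ip, networks):
    """True if ip falls inside any parsed entry of the region."""
    addr = ipaddress.IPv4Address(ip)
    return any(addr in net for net, _ in networks)

# Constructed sample list (documentation address space, not real sites).
SAMPLE_ENTRIES = [
    "198.51.100.0/24", "203.0.113.10-203.0.113.20", "192.0.2.7",
    "198.51.100.128/25", "203.0.113.50-203.0.113.40", "192.0.2.300",
    "10.1.2.3/16",
]

if __name__ == "__main__":
    nets, bad, dup = check_region(SAMPLE_ENTRIES)
    for entry, reason in bad:
        print(f"reject  {entry}: {reason}")
    for a, b in dup:
        print(f"overlap {a} / {b}")
    print("203.0.113.15 in region:", in_region("203.0.113.15", nets))
```

Run the check before saving the region so that a reversed range or a mistyped octet is caught before it reaches a rule's source or destination match.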