Use Special Objects to Restrict Explicit Proxy Internet Traffic to Source IP Addresses
Focus
Focus

Use Special Objects to Restrict Explicit Proxy Internet Traffic to Source IP Addresses

Table of Contents

Use Special Objects to Restrict Explicit Proxy Internet Traffic to Source IP Addresses

Explicit Proxy provides you with special Address Objects, Address Groups, and External Dynamic Lists (EDLs) to restrict access to Explicit Proxy to specific source IP addresses. When you create one or more of these special objects using the following exact names, Explicit Proxy allows the source IP addresses you specify and blocks any other IP addresses:
  • Address Object—Select ObjectsAddresses in the Explicit_Proxy_Device_Group and create an object named Palo Alto Networks Explicit Proxy Allowed Source Address.
  • Address Group—Select ObjectsAddress Groups in the Explicit_Proxy_Device_Group and create an object named Palo Alto Networks Explicit Proxy Allowed Source Address Group.
  • External Dynamic List (EDL)—Select ObjectsExternal Dynamic Lists in the Explicit_Proxy_Device_Group and create an EDL named Palo Alto Networks Explicit Proxy Allowed Source List, and create an EDL with a type of IP List.
You can specify IP addresses such as egress IP addresses of branch offices.
Using wildcards (such as *.*) to skip Explicit Proxy authentication for a large number of domains is not permitted unless you restrict your source traffic to specific source IP addresses using one of these special objects.
Use Address Objects, Address Groups, or EDLs separately or jointly; for example, you could create only an Address Group without creating an Address Object or EDL.