topic how to allow NordVPN after done suggestion of BPA for advanced threat license in Next-Generation Firewall Discussions

how to allow NordVPN after done suggestion of BPA for advanced threat license

MavioLee — Thu, 25 Aug 2022 05:19:43 GMT

how to allow NordVPN after done suggestion of BPA for advanced threat license?

I use flashrouter of nordvpn but page.asp can not load and even blank white page shown.

I remove high risk and medium category blocking but can not solve

PA220 configured C2 command and control traffic blocking but cannot find the reason of blocking and can not find which log represent the block because users are using firewall at the same.

Is it possible to tag this flashrouter page.asp traffic to find the cause ?

So far I added a temporary rule after the first block malicious IP list rule to allow ssl and web browsing for a workaround solution , but it need to disable and enable every time the openvpn is down. Openvpn may accumulate a over 8GB value in counter which I do not this value too large or due to the 8GB openvpn is stored so openvpn flow is down ?

Now I know not the C2 Block it , because after temporary rules are quic block rule and category block rule and SSH tunneling and SSH , telnet block rule. These are suspected rules

Re: how to allow NordVPN after done suggestion of BPA for advanced threat license

nikoolayy1 — Wed, 31 Aug 2022 09:33:35 GMT

Better see this article as to discover which rule blocks your traffic as you may have a rule where you have not enabled "log at the session end" and this is why to not see anything:

https://live.paloaltonetworks.com/t5/general-topics/knowledge-sharing-palo-alto-checking-for-drops-rejects-discards/td-p/402102

Re: how to allow NordVPN after done suggestion of BPA for advanced threat license

MavioLee — Wed, 31 Aug 2022 09:49:22 GMT

last week temporary allow rule works at rule three after malicious ip rule block and before adult and high risk and medium risk and malware risk blocked

today this rule not work , page asp in flashrouter show blank page, i have to connect outside cable back to wifi router to make the page asp load first in firefox in mobile first and then connect back to palo alto outside port to use page asp

last week this rule is for show openvpn location and provider dropdownlist , today application filter allow US, CA , GB with ssl and web browsing app not work to show page asp because whole page asp is blank today.

i find log show this rule has characteristic malware and medium risk, so i suspect category rule block , but there is no exception option in category blocking and object section, it makes rules conflict. and need to enable and disable temporary rule when openvpn unstable need to press disconnect and connect again.

Re: how to allow NordVPN after done suggestion of BPA for advanced threat license

MavioLee — Thu, 01 Sep 2022 09:01:10 GMT

today I think that I need to buy second flash router , one is outside and one is dmz , in order to see inside openvpn traffic and at the same time , page asp not blocked

because negate US location , other US high risk can bypass rule.

though I worry flash router page asp is fake page, i check that session all show openvpn destination IP is the correct country I choose