topic Detecting UserAgent spoofing in General Topics

Detecting UserAgent spoofing

BountyHunter21 — Wed, 05 Jan 2022 18:02:02 GMT

Does anyone know if PanOS v10+ can identify when a UserAgent is being spoofed? I've been looking through the discussion boards and online user documentation and haven't been able to find any results. I'm trying to see if we can catch when a device tries to circumvent restriction policies by claiming to be a different device.

Re: Detecting UserAgent spoofing

BPry — Wed, 05 Jan 2022 19:17:03 GMT

@BountyHunter21,

This really isn't something that can be detected at a firewall level. The UserAgent string was never designed to be utilized as a security measure, it's just a string value.

Re: Detecting UserAgent spoofing

OtakarKlier — Wed, 05 Jan 2022 20:22:30 GMT

Hello,

If you have the GlobalPRotect license, this can be used as it can perform posture validation. Your clients would need to vpn in however its a good step since its basically zero trust.

Regards,