https://live.paloaltonetworks.com/t5/general-topics/fortigate-minemeld-url-feed-injestion-issue-outgoing-url/m-p/402720#M95278 <P>Good afternoon,</P> <P>we've noticed a strange issue on a client firewall that injests URL IoCs from our Minemeld instance into an outbound block policy.</P> <P>Specifically it seems that the Firewall Minemeld Policy is blocking outgoing URLs connections that are not actually present inside the Minemeld URL output feed. We're investigating the issue as it seems a firewall injestion problem and we will keep this discussion updated.</P> <P>Further details are:</P> <P>- Miner &amp; Output nodes are using the following feed: <SPAN><A href="https://openphish.com/feed.txt" target="_blank">https://openphish.com/feed.txt</A></SPAN></P> <P>- the URLs blocked by the firewall policy: <A href="http://www.google.com/" target="_blank">www.google.com,</A>&nbsp;<A href="http://secure-web.cisco.com/1krLs7fcULJrCuXr-rp2B6NJgBrkfD2V0QsW6psBQmZaX6eb27u0n3ohTycBDuMflpE1Y4j4Eda4b12VqwKHGW8bPRRPITsKZ7pYmBni_cCDXM9t3RQUbcXJq_ma2qJh6iwJ0ZRQUqwG-kOzp7YEC5xfEIoqgyvslma_zLIjjJ_471UgGdTTvVFiRD3T1nVFvv9RdZz_6NA46kiRIlFgWJAIUzW-_ve0FRQSxfMqJjQ2bVFjiHgrp_GfgHhbABfkBhb621y7nhs2tljiBKx2YRB1Dg0DxK6HsPzmNP-5zwEChaPH39BAa0H_05iPSERNp/http%3A%2F%2Fwww.cprsystem.it%2F" target="_blank">www.cprsystem.it/</A></P> <P>- Firewall vendor: Fortigate (i'll ask the version)</P> <P>&nbsp;</P> <P>If you maybe have any additional info or suggestion please comment.</P> <P>Best,</P> <P>V.E.</P> Wed, 28 Apr 2021 13:58:06 GMT VCiverra 2021-04-28T13:58:06Z https://live.paloaltonetworks.com/t5/general-topics/fortigate-minemeld-url-feed-injestion-issue-outgoing-url/m-p/402720#M95278 <P>Good afternoon,</P> <P>we've noticed a strange issue on a client firewall that injests URL IoCs from our Minemeld instance into an outbound block policy.</P> <P>Specifically it seems that the Firewall Minemeld Policy is blocking outgoing URLs connections that are not actually present inside the Minemeld URL output feed. We're investigating the issue as it seems a firewall injestion problem and we will keep this discussion updated.</P> <P>Further details are:</P> <P>- Miner &amp; Output nodes are using the following feed: <SPAN><A href="https://openphish.com/feed.txt" target="_blank">https://openphish.com/feed.txt</A></SPAN></P> <P>- the URLs blocked by the firewall policy: <A href="http://www.google.com/" target="_blank">www.google.com,</A>&nbsp;<A href="http://secure-web.cisco.com/1krLs7fcULJrCuXr-rp2B6NJgBrkfD2V0QsW6psBQmZaX6eb27u0n3ohTycBDuMflpE1Y4j4Eda4b12VqwKHGW8bPRRPITsKZ7pYmBni_cCDXM9t3RQUbcXJq_ma2qJh6iwJ0ZRQUqwG-kOzp7YEC5xfEIoqgyvslma_zLIjjJ_471UgGdTTvVFiRD3T1nVFvv9RdZz_6NA46kiRIlFgWJAIUzW-_ve0FRQSxfMqJjQ2bVFjiHgrp_GfgHhbABfkBhb621y7nhs2tljiBKx2YRB1Dg0DxK6HsPzmNP-5zwEChaPH39BAa0H_05iPSERNp/http%3A%2F%2Fwww.cprsystem.it%2F" target="_blank">www.cprsystem.it/</A></P> <P>- Firewall vendor: Fortigate (i'll ask the version)</P> <P>&nbsp;</P> <P>If you maybe have any additional info or suggestion please comment.</P> <P>Best,</P> <P>V.E.</P> Wed, 28 Apr 2021 13:58:06 GMT https://live.paloaltonetworks.com/t5/general-topics/fortigate-minemeld-url-feed-injestion-issue-outgoing-url/m-p/402720#M95278 VCiverra 2021-04-28T13:58:06Z https://live.paloaltonetworks.com/t5/general-topics/fortigate-minemeld-url-feed-injestion-issue-outgoing-url/m-p/403179#M95279 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/158751">@VCiverra</a>&nbsp;I am sorry but I don't know much about Fortigate. Maybe someone in the community can help you.</P> Wed, 28 Apr 2021 15:04:04 GMT https://live.paloaltonetworks.com/t5/general-topics/fortigate-minemeld-url-feed-injestion-issue-outgoing-url/m-p/403179#M95279 lmori 2021-04-28T15:04:04Z