Behaviour identifying SSL after dynamic updates installation

Reply
Highlighted
L4 Transporter

Behaviour identifying SSL after dynamic updates installation

Hi,

 

Last night the scheduled dynamic installation was done, the new version 734-4212 (apps) was installed. When this installation happened a lot of traffic before detected like ssl in previous version, it was being detected like "not-applicable" and jumping all rule until default deny. We did a revert updated packet to solve it.

 

Why PA suddenly stop identifying ssl app with this new update package??? what should we do in order to prevent this fail identifying apps in new apps package??

 

 

How should we procced_ Do we re-apply the current version? we should wait for a new one (junmping 734-4241 which is not identifying properly SSL?

 

 

Highlighted
Community Team Member

Re: Behaviour identifying SSL after dynamic updates installation

Hi @soporteseguridad,

 

I haven't heard of any issues yet.

 

The application column shows not-applicable if the traffic matches an allowing/blocking security rule via a service filter rather than an application filter :

 

https://live.paloaltonetworks.com/t5/Management-Articles/quot-Not-applicable-quot-in-Traffic-Logs/ta...

 

To prevent any unwanted things from happening you could configure a threshold in your update schedule.

If you decide to configure this threshold then please consider this DOC :

 

https://live.paloaltonetworks.com/t5/Management-Articles/Dynamic-updates-scheduled-with-a-threshold-...

 

Cheers,

-Kiwi

Highlighted
L4 Transporter

Re: Behaviour identifying SSL after dynamic updates installation

An example:

 

Before apps package was identifying properly the apps SSL. Traffic SSL and rule defined.

 

new.png

 

After installing last package (last night), we detect problem idetifying SSL

 

old.png

 

Why its not identifying SSL with the new apps package??

 

 

 

 

 

Highlighted
L7 Applicator

Re: Behaviour identifying SSL after dynamic updates installation

@soporteseguridad,

While I can't speak to this being a widespread issue as I don't have the current update installed on even my test enviroment at the moment, I would highly recommmend you put some type of delay on your production equipment so that the update needs to be x number of hours old before it gets applied. This usually gives those of us with test envioroments or those that don't have a delay set to notice any potential issues so PA has a chance to pull the update if it trully causes any issues. 

Highlighted
L4 Transporter

Re: Behaviour identifying SSL after dynamic updates installation

I cant find the cause why PA is not detecting this SSL traffic. I think it could be a widespead issue. If anyone has any PA confirmation just let me know.

Highlighted
Community Team Member

Re: Behaviour identifying SSL after dynamic updates installation

Hi @soporteseguridad,

 

Have you reached out to TAC about this ?

 

If this was a widespread issue, I would have expected more similar reactions (as with content 729 about 2 weeks ago).

 

Cheers,

-Kiwi.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!