Dynamic Update Issue?

Reply
Highlighted
L1 Bithead

Dynamic Update Issue?

Our library has a Millenium server, the application is millenium-ils.

It stopped communicating after APP+Threat  release 484 installed.

I rolled back to APP+Threat release 482 and it restored communication.

This morning APP+Threat  release 485 installed and once again the Millenium Server is unreachable.

Performed the roll back to 482, and it is working fine.

Has any one else seen this?

L7 Applicator

Re: Dynamic Update Issue?

Hello Mikempo,

Based on the version 484 Application and Threat Content Release Notes, there are no changes has been implemented for millenium-ils application on this database. Could you please let me know, is it reflecting in your "deny" traffic logs.

You may expand the traffic logs for the Millenium Server and share with us. From the traffic log viewer, we will come to know if that traffic is getting blocked by any of the security profiles ( as a false positive)  i.e vulnerability, spyware etc.

For an example:

traffic-logs.JPG

Thanks

L1 Bithead

Re: Dynamic Update Issue?

Hulk,

Sorry to take so long.

I checked the Threat logs and filtered with millenium-ils and received a /General Exploit Host Webpage/ under the name column.

The signature ID is /37349/ Severity: High.

Under my custom VP profile, High is blocked.

Last week, I opened a ticket with PA, they gathered info.

This morning they got back to me.

They could not replicate the issue.

They are suggesting a debug (FW off-line).

VP 487 downloaded and installed Tuesday night with same results.

I created an exception on my VP profile to allow ID 37349.

This is where I stand at the moment....

Mike

L7 Applicator

Re: Dynamic Update Issue?

Hello Mike,

Could you please let us know the case ID. To investigate this issue, PAN TAC should take below mentioned information:

---- A full session pcap for RX, TX, FWW, DROP all 4 stages in PAN firewall.

---- Flow-Basic, App-ID Basic.

---- pcap at the soucre and destination as well ( if possible)

---- session details (between source and destination)

--- >show session id xxxx

Thanks

L1 Bithead

Re: Dynamic Update Issue?

Hulk,

[Case#: 00298164 ] - Millenium-ils app stopped working after content update

Mike

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!