Question regarding Customer Advisory "Content Delivery Network Infrastructure Update"

Reply
Highlighted
L4 Transporter

Question regarding Customer Advisory "Content Delivery Network Infrastructure Update"

There is a new Customer Advisory "Content Delivery Network Infrastructure Update".

https://live.paloaltonetworks.com/t5/Customer-Advisories/Content-Delivery-Network-Infrastructure-upd...

 

We use AppID "paloalto-updates" to allow download of updates. Does this need to be adapted?

 

The firewall devices are configured to use update server "updates.paloaltonetworks.com". Does this need to be adapted?

 

Unfortunately the Customer Advisory does not elaborate on this.

Highlighted
L7 Applicator

Re: Question regarding Customer Advisory "Content Delivery Network Infrastructure Update"

Hello,

If you are using URL filtering to download your PAN updates, then yes you should update the PAN to allow that URL. If you are letting your PAN hit anything on the internet and just using app-id to filter, then probably (BTW I dont recommend this method).

 

I know its a bit vague, however I would say have a policy that allows the PAN to go and get updates, but only from the Palo Alto URL's and specify app-ids. This is very narrow/specific policy and will allow your PAN to get updates.

 

Regards,

Highlighted
L7 Applicator

Re: Question regarding Customer Advisory "Content Delivery Network Infrastructure Update"

@OtakarKlier 

I think @Anon1 was asking about the following value where normally updates.paloaltonetworks.com is configured:

Screenshot_20200121-212522_Chrome.jpg

Highlighted
L4 Transporter

Re: Question regarding Customer Advisory "Content Delivery Network Infrastructure Update"

Thanks for all your answers. Yes, I meant the "Update Server" setting on the firewall devices. 

@OtakarKlier : Do you mean to create a custom URL category object with the *.paloaltonetworks.com URLs and attach it to the firewall rule with the paloalto-updates appid? Isn´t this redundant? I assume the paloalto-updates appid does exactly this (allow access only to the relevant resources for the update service.)

L7 Applicator

Re: Question regarding Customer Advisory "Content Delivery Network Infrastructure Update"

Hello,

Exactly, a custom URL category with the update URL's.

 

Regards,

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!