AIOPS inaccurately reports on QUIC BPA Block

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

AIOPS inaccurately reports on QUIC BPA Block

L1 Bithead

I blocked QUIC within panorama shared policy last week. AIOPS still recommends blocking QUIC. How do I get AIOPS to recognize that we are blocking QUIC with an App group? I can't create a ticket as the ticket platform keeps shoving me to the LIVE community. I don't think anyone here is able to help as this seems like a parsing issue on AIOPS.

3 REPLIES 3

L1 Bithead

Seems like the AIOPS QUIC blocking check is pretty explicit, that a rule is first in list and has application quic. It likely doesn't match on it being in an app group, or further down the list. When I added a quic block rule, it reported as unresolved until i moved it to the top of the other allow rules

'It is recommended to have a security rule with application = 'quic' and action != 'allow' before any allow rules to ensure encrypted traffic is decrypted and inspected'

 

I am also keen to understand the Palo Alto support model for AIOPS. Even though we have the 'Free' version, you have to spend a lot of money on the firewalls themselves to get it, so not really free, some support would be nice.

Grant Peterson
Technology Operations Manager
Now NZ Limited
64273717751

L1 Bithead

I want to use an APP group so I don't have 2+ rules doing the same thing. AIOPS should be able to parse it. 

I have similar issues with the Malicious URLs EDL recommendation, where if I use my own EDL with exceptions it doesn't meet the BPA recommendation.

Grant Peterson
Technology Operations Manager
Now NZ Limited
64273717751
  • 1629 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!