03-09-2023 06:52 AM
I blocked QUIC within Panorama shared policy last week. AIOPS still recommends blocking QUIC. How do I get AIOPS to recognize that we are blocking QUIC with an App group? I can't create a ticket as the ticket platform keeps shoving me to the LIVE community. I don't think anyone here is able to help as this seems like a parsing issue on AIOPS.
03-09-2023 08:46 AM
Seems like the AIOPS QUIC blocking check is pretty explicit, that a rule is first in list and has application quic. It likely doesn't match on it being in an app group, or further down the list. When I added a quic block rule, it reported as unresolved until I moved it to the top of the other allow rules.
'It is recommended to have a security rule with application = 'quic' and action != 'allow' before any allow rules to ensure encrypted traffic is decrypted and inspected'
I am also keen to understand the Palo Alto support model for AIOPS. Even though we have the 'Free' version, you have to spend a lot of money on the firewalls themselves to get it, so not really free, some support would be nice.
03-09-2023 08:48 AM
I want to use an APP group so I don't have 2+ rules doing the same thing. AIOPS should be able to parse it.
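The recommendation quoted in this thread, evaluated over an ordered rulebase with and without application-group expansion, as an added example that is not part of any post here and is not AIOps's own logic. The rule names, group names and dictionary fields are constructed assumptions; the literal mode models the behaviour the second post suspects.

```python
"""Added example: evaluate the quoted QUIC recommendation over an ordered rulebase."""

# Constructed sample data; rule, group and field names are assumptions.
APP_GROUPS = {"blocked-apps": ["quic", "bittorrent"], "web": ["ssl", "web-browsing"]}

RULEBASE_GROUP = [  # QUIC blocked through an application group, placed first
    {"name": "block-unwanted", "application": ["blocked-apps"], "action": "deny"},
    {"name": "allow-web", "application": ["web"], "action": "allow"},
]
RULEBASE_LATE = [  # explicit QUIC block, but after an allow rule
    {"name": "allow-web", "application": ["web"], "action": "allow"},
    {"name": "block-quic", "application": ["quic"], "action": "deny"},
]


def expand(apps, groups, seen=None):
    """Resolve application group names (including nested groups) to applications."""
    seen = set() if seen is None else seen
    out = set()
    for app in apps:
        if app in groups:
            if app not in seen:  # guard against groups that reference each other
                seen.add(app)
                out |= expand(groups[app], groups, seen)
        else:
            out.add(app)
    return out


def quic_check(rules, groups, resolve_groups=True):
    """Return (passed, reason): a non-allow 'quic' rule must precede any allow rule."""
    for rule in rules:
        apps = set(rule["application"])
        if resolve_groups:
            apps = expand(apps, groups)
        if "quic" in apps and rule["action"] != "allow":
            return True, f"{rule['name']} blocks quic before any allow rule"
        if rule["action"] == "allow":
            return False, f"allow rule {rule['name']} precedes any quic block"
    return False, "no rule blocks quic"


if __name__ == "__main__":
    print(quic_check(RULEBASE_GROUP, APP_GROUPS))                        # group expanded
    print(quic_check(RULEBASE_GROUP, APP_GROUPS, resolve_groups=False))  # literal match
    print(quic_check(RULEBASE_LATE, APP_GROUPS))                         # ordering failure
```

Running the same check against an exported rulebase shows whether a finding comes from rule ordering or from the group not being expanded.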
03-09-2023 08:55 AM
I have similar issues with the Malicious URLs EDL recommendation, where if I use my own EDL with exceptions it doesn't meet the BPA recommendation.