This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
Accept
Reject

BPA Tool False Positives In Shared Versus Vsys1

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

BPA Tool False Positives In Shared Versus Vsys1

fhewiufhwefhwe
L4 Transporter

‎08-17-2021 05:29 PM - edited ‎08-27-2021 04:43 PM

 

Anyone found a solution to get the following false positive not to display?

 

Following all appear enabled, but still show up as failed

Interzone Deny Rule With Logging

Intrazone Deny Rule with Logging

New Apps with Application Filter

Inbound Malicious IP Address Feed

Outbound Malicious IP Address Feed

HIP Profiles Used In Rule Base --- already used security policies where source = vpn

 

Quic App Deny - I have an exception for traffic from Cisco Umbrella forwarders

SSH Proxy / SSH Tunnel - I have a rule configured, but first must allow specific SSH connections

 

Looking at the Best Practices Assessment pdf file -> Policies, it looks like Device Group(s) vsys1 is passing most of these, but Device Group(s) shared is failing.  I only have a single firewall.  Any idea how to fix these?  I do want to get these fixed up to show the report during an upcoming meeting, and explain where we have compensating controls, not that the report may be incorrect...

 

fhewiufhwefhwe_0-1630107377040.png

 

fhewiufhwefhwe_0-1630107707965.png

 

 

3 people had this problem.
0 Likes Likes
4 REPLIES 4

almargaris
L2 Linker

‎08-30-2021 08:43 AM

Hello, can you please submit a support ticket and attach your Tech Support File so that we can investigate what may be the cause of this issue? Once you have done so, please email the support ticket number to bpa@paloaltonetworks.com

 

Thanks,

Alex

Thanks,
Alex Margaris
almargaris@paloaltonetworks.com
0 Likes Likes

Tasmanian_Dv
L0 Member

‎12-10-2021 12:49 PM

Any resolution to this?

0 Likes Likes

fhewiufhwefhwe
L4 Transporter
In response to Tasmanian_Dv

‎12-10-2021 12:54 PM

No, I couldn't get any response whatsoever.

Ryan14
L1 Bithead
In response to fhewiufhwefhwe

‎11-11-2022 08:29 AM

A year later, zero change. 👎

 

 

Get Outlook for Android.
0 Likes Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Copyright 2007 - 2023 - Palo Alto Networks