Lets Encrypt

Our customer is implementing the Lets Encrypt (https://letsencrypt.org/) in the whole his infrastructure. 

This way, every certificates SSL expired in 90 days.

The Palo Alto use certificate SSL to VPN, Captive Portal, and others services.

Is there an au

Custom App-ID for DNS-over-https

Hi community

As you may have noticed DNSSec is extremely slowly getting attention and it even does not improve the users privacy because the dns request are only signed but not encrypted. So other people and companies are searching alternatives to se

Custom Signature to Detect Weak Cipher Negotiation in Phase 1 ISAKMP Negotiation

Good Afternoon,

    Is it possible to create a custom threat signature or APP-ID to match various strings of data inside of the ISAKMP initial payload during the IPSec phase 1 negotiation. The first packets are sent in plaintext during the negotiation

How to submit changes to existing Add-id?

Hello.

We're noticed that webex app uses SIP connection over port 5061. I don't see it's listed in App-ID database and I believe it should be there. Please correct me if I'm wrong.

How do I submit App-ID change request? Since it's related to webex in

A few questions about signatures and custom apps

So I've had some issues with the most recent custom app I'm attempting to make.  Our server team is implementing Papercut on campus and there doesn't seem to be a pre-built app for it.  I submitted a request for it but figured I'd try to take a crack

Office 365 Vulnerability of HTML “baseStriker attack” and Mitigation by PAN Firewall

Hi Team,

recently there is one vulnerability found in office 365 vulnerability has been identified in Microsoft Office 365, a remote user can exploit this vulnerability to trigger Security Restriction Bypass on the targeted system.

Is there any way to

Regex for User Agent for ASA Anyconnect syslog

We have stale userID/IPaddr entries in PA from our AD servers.

We implemented regex and syslog feed for the campus ASA so solve the issue, but need it also for Anyconnect user traffic.

Found what appears to be the regex for anyconnect syslog feed.

htt

Quick Question - escaping parentheses?

So, none of the docs I can find show parentheses as a reserved character, but when I put in a regex of 'sample(_POST' it is rejected, but when I do 'sample\(POST' it is taken - in these samples the '' are not there.  

But, I'm not sure if the REXEX i

Fortnite

Is anyone successfully blocking fortnite?  I'm also looking to block PUBG Mobile

Custom APP-ID for more granular access to MS Office online components

I would like to have more granular control over access to Microsoft online resources, specifically Visual Studio tools. Access to the site currently is identified as 'ms-office365-base' but I would like to specifically identify the logon page and res

Basic Rule to Detect/Alert on OvenVas Scanners

So I'm surprised that the Palo Alto doesn't have a signature to detect OpenVAS scanners. I would like to create a simple rule that detects "User-Agent: OpenVAS" (Ultimately I would like to just block these entirely.

Is something that can be easily bu

How to create new APP ID or signature to block VPN360 App

Hi !

I was refered by TAC support to post requst here. we want to block VPN360 Apps on Iphone. It uses proxy IP to access internet bypassing URL filtering. IP is hopping and changing everytime you disconnected and reconnected App and it is standard S

Custom Signature for Dahua NVR

Hello All,

I am working on creating a custome signature for a Dahua NVR that we would like to allow remote access to.  It operates on port 37777 which has been allowed, but traffic still shows up as unknown-tcp and is subsiquently blocked.  Does anyo