Behaviour identifying SSL after dynamic updates installation

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Behaviour identifying SSL after dynamic updates installation

L4 Transporter

Hi,

 

Last night the scheduled dynamic installation was done, the new version 734-4212 (apps) was installed. When this installation happened a lot of traffic before detected like ssl in previous version, it was being detected like "not-applicable" and jumping all rule until default deny. We did a revert updated packet to solve it.

 

Why PA suddenly stop identifying ssl app with this new update package??? what should we do in order to prevent this fail identifying apps in new apps package??

 

 

How should we procced_ Do we re-apply the current version? we should wait for a new one (junmping 734-4241 which is not identifying properly SSL?

 

 

5 REPLIES 5

Community Team Member

Hi @soporteseguridad,

 

I haven't heard of any issues yet.

 

The application column shows not-applicable if the traffic matches an allowing/blocking security rule via a service filter rather than an application filter :

 

https://live.paloaltonetworks.com/t5/Management-Articles/quot-Not-applicable-quot-in-Traffic-Logs/ta...

 

To prevent any unwanted things from happening you could configure a threshold in your update schedule.

If you decide to configure this threshold then please consider this DOC :

 

https://live.paloaltonetworks.com/t5/Management-Articles/Dynamic-updates-scheduled-with-a-threshold-...

 

Cheers,

-Kiwi

LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

An example:

 

Before apps package was identifying properly the apps SSL. Traffic SSL and rule defined.

 

new.png

 

After installing last package (last night), we detect problem idetifying SSL

 

old.png

 

Why its not identifying SSL with the new apps package??

 

 

 

 

 

Cyber Elite
Cyber Elite

@soporteseguridad,

While I can't speak to this being a widespread issue as I don't have the current update installed on even my test enviroment at the moment, I would highly recommmend you put some type of delay on your production equipment so that the update needs to be x number of hours old before it gets applied. This usually gives those of us with test envioroments or those that don't have a delay set to notice any potential issues so PA has a chance to pull the update if it trully causes any issues. 

I cant find the cause why PA is not detecting this SSL traffic. I think it could be a widespead issue. If anyone has any PA confirmation just let me know.

Community Team Member

Hi @soporteseguridad,

 

Have you reached out to TAC about this ?

 

If this was a widespread issue, I would have expected more similar reactions (as with content 729 about 2 weeks ago).

 

Cheers,

-Kiwi.

LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.
  • 2226 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!