Beware ! PAN-OS 7.0.2 - Seemed to kill AV and inspection

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Beware ! PAN-OS 7.0.2 - Seemed to kill AV and inspection

L0 Member

Hello 

Environment

Rule base is established and working with LDAP integration for users .
Outbound SSL SSL decryption is also setup  and working 7.0.1
Rules allow a group to talk to the Internet.
Security profile are used for AV, Anti Spyware , URL filter and File blocking.
SSL decryption is also setup .

Symptom 
A bespoke Response Page is setup but is not displayed when I attempt to download bad files.
When I download an EICAR file it is not blocked by the firewall. I get no bespoke response page .
Does the same on SSL .

Nothing in threat logs. 

All working 100% on version 7.0.1

Upgrade to 7.0.3 fixes this. 

 

3 REPLIES 3

L4 Transporter

Thanks dieterb but don't think so . 

 

Was also missing other test sites :

http://www.wicar.org/test-malware.html

 

Only one it picked up was ]

Microsoft Internet Explorer CSS Tags Remote Code Execution Vulnerability

 

Everything else go let through. 

 

Soon as I upgraded to version 7.0.3 blocking started again . 

Not sure if it's AV or file blocking causing issue. 

 

Fairly serious though.

When running 7.0.2 then upgrade ASAP as there is issue with Wildfire aswell.

 

7.0.3 release notes

81927

Fixed an issue where a firewall stopped submitting files to a WildFire cloud (public or private) when a CPU process (varrcvr) stopped responding. This issue occurred when receiving an email with a subject line containing more than 252 characters.

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011
  • 2466 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!