This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Blocking OS specific traffic?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Blocking OS specific traffic?

Go to solution
bgranholm
L2 Linker

‎06-24-2014 06:55 AM

Does anyone know if there is a way to block traffic sourced from a specific OS in our network?

We were discussing legacy Windows XP machines. Since they are no longer supported or being updated it would be nice to be able to block them from the internet but allow internal connections to them. (We have a couple of legacy programs we need to keep for customers that either dont exist any more or were never updated to run on anything but windows XP)

We were thinking that we could just block them at the firewall but the firewall doesn't recognize OS that I know of.

We could certainly give them static IPs and block them based on that but it would be nice to be able to block traffic to any Windows XP machine on our network just by virtue of its OS.

Any thoughts?

Thanks,

Ben

Labels:
0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
pulukas
L7 Applicator

‎06-24-2014 07:05 AM

For web applications there is a user posted solution for detecting the Windows XP agent and blocking access.

Custom vulnerability signature for identifying Windows XP clients

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

View solution in original post

1 person found this solution to be helpful.
4 REPLIES 4

Go to solution
pulukas
L7 Applicator

‎06-24-2014 07:05 AM

For web applications there is a user posted solution for detecting the Windows XP agent and blocking access.

Custom vulnerability signature for identifying Windows XP clients

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
1 person found this solution to be helpful.

Go to solution
bgranholm
L2 Linker
In response to pulukas

‎06-24-2014 07:57 AM

Thanks Steven, that is perfect!

0 Likes Likes

Go to solution
jkim2
L3 Networker
In response to bgranholm

‎06-24-2014 08:26 AM

if a user changes the user agent which isnt' rocket science then this won't work. this will also only work for web traffic. Look into global protect HIPS or Forescout which is a technology partner with Palo Alto Networks or a NAC solution if you want them off the network.

0 Likes Likes

Go to solution
gafrol
L4 Transporter

‎06-25-2014 06:16 AM 

bgranholm schrieb:




We were thinking that we could just block them at the firewall but the firewall doesn't recognize OS that I know of.

GlobalProtect knows the OS 🙂 So does the Firewall

0 Likes Likes
  • 1 accepted solution
  • 5695 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks