01-15-2019 01:22 AM
Hi community,
can anyone clear my following doubts.
01-17-2019 11:18 AM
Hi @Abdul_Razaq
Yes, your paloalto firewall will block these emails if the URLs are known malicious/phishing URLs. Unknown ones will be forwarded to wildfire bjt the email will also be forwarded even if wildfire decides this is a phishing URL. Mainly this is because the paloalto firewall is only stream based so it does what it can (which is already a lot) without storing data on the firewall while an email gateway is working store-and-forward. So it takes the email, does all the configured checks for malware and in some cases also URL reputation checks and if everything is good, then the email will be forwarded.
01-16-2019 12:25 PM
@Abdul_Razaq wrote:
- What if i get a mail to my server having malicious url inside mail( PA allready knows it as malicious, hope othervise he send to wildfire for analysis and update PAN-DB) , will PA block email?
Yes, PA will block the email and if the URL is not known it will be sent to WF
@Abdul_Razaq wrote:
- what if i have URL as attachment ( encoded as pdf and attached to email) ?,
- will antivirus profile will check URL aswell as he checks other file type?.
PA will not check these URLs. It will only block the email if the attachment itself contains a virus
@Abdul_Razaq wrote:
- is there any difference if it was a phishing link or a download link ?
PA will only block (if you configure it to) emails that contain phishing, malware and c&c URLs
@Abdul_Razaq wrote:
- I understand if user clicks the url, he will be blocked as i have url filtering from inside to outside, (my concern is if he is outside network, not using GP nd access the site, his machine/credentials will be compromised.
Yes, without the firewall the users are obviously not protected by PA
@Abdul_Razaq wrote:
- Is there a way for making PA to check email-link reputation with DB before the email send to user, if DB doesnt categorised the URL, email should go to user as wildfire will take time.
No, not yet. This is in my opinion a job for an email gateway and not for a firewall.
01-16-2019 11:04 PM
Thanks vsys_remo for your kind support.
I am bit confused between first and Last answer, is in't it conflicting ?.
Just need to know whether PA will be blocking email if email body contains malicious/Phishing URL before the email reaches the reciever. PA will know about the url if he checks url DB only right?. i understand these all are email gateways job. But feels like, because these are technically possible, may PA is doing this.
01-17-2019 11:18 AM
Hi @Abdul_Razaq
Yes, your paloalto firewall will block these emails if the URLs are known malicious/phishing URLs. Unknown ones will be forwarded to wildfire bjt the email will also be forwarded even if wildfire decides this is a phishing URL. Mainly this is because the paloalto firewall is only stream based so it does what it can (which is already a lot) without storing data on the firewall while an email gateway is working store-and-forward. So it takes the email, does all the configured checks for malware and in some cases also URL reputation checks and if everything is good, then the email will be forwarded.
01-17-2019 11:39 AM
03-26-2019 06:57 AM
Hi @Remo ,
I have couple of confusions here, could you please help.
Which database firewall will check for these URLs in email ?. is it PAN-DB ?. if yes, hope i need PAN-DB licence to have link analysis work properly.
So as you mentioned, when one url previously identified as malicious is available in another mail to differenr reciever, the mail will be blocked?.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
