I have a customer who asked about traffic which he saw on his Firewall.
I looked in firewall logs from several others customers and find the same IP address. It is always a HTTP oder HTTPS connection.
The traffic is coming from the 188.8.131.52. According to several internet sources this IP address belongs to PaloAlto Networks
Because neither the PaloAlto Website or Google could gave me an answer on this and this not really worth a support case, i thought to place this question here. I think this might be a web crawler or something like this?!
I hope someone can clearfy this
Solved! Go to Solution.
This IP Address has been spamming my network, 4.5 million events since early october~~. This is setting off IDS alerts and taking away time from our team to research. This seems really excessive for a web crawler does it not? It's constant 35,000 - 39,000 events per day.
Can you stop, or do we just blacklist you?
Would it be reasonable to ask PAN to release the IP Range of IPs that they use for web crawling/scanning? We could create our own security policy so these events won't log and note that it is our security vendor crawling us.
@khuynh That's a really laxed response for a security related incident that you're responsible for. Why would I need to make a TAC when you're the person who is apparently involved in the scanning/web crawling activity? PAN should have this published to customers so we do not have to use resouces to researching a potentional security issue.
Thanks I will make a TAC, and I have changed my mind and removed you from my friends list.
I didn't mean to be rude, sorry if you feel that.
I do work for Palo Alto as a SE, but I'm not responsible for the scanning of our internal teams. I have in my region several customers who have the same concerns as you, and I want you to have the most detailed answer and the best solution for you. The best way to figure out a good solution for your environnement is to go through our TAC, who will be able to deliver the best solution that fits you, depending on your architecture, devices, licenses, and so on.
A little bit sad to hear that we are not friend anymore on Live ;), but I will still go on and try to help people here to the best of my knowledge.
PS: Feel free to drop me an email if you want to continue this discussion.
Thanks for the additional information @khuynh
>I have in my region several customers who have the same concerns as you
At this point what solutions do you provide for them? If you have previously asked them to open a TAC was there any resolution found that you can share? I really just want to know if this is a single 1-off IP Address, or if this web crawling traffic will be coming from an entire PAN IP Address subnet. We can then create our own settings that would be best to mitigate this traffic.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!