With more and more vulnerabilities in Java, I would like to know if there is any way in PAN firewall to identify and blocked non latest Java traffic? The goal is to identify machines and inform owners to update their Java version. If not then block the Java traffic from that host.
Thanks in advance.
You can create a regex to match specific java versions ( latest) to allow through the PAN firewall. For all other versions, other than the latest one, set the action as "block". So, all the request will be logged into the PAN firewall.
Reference doc: Creating Custom Threat Signatures
NOTE: The Java spec is written so that JAR files may look like ZIP files in PAN.
You can take a packet capture on a test machine or PAN firewall from a host, where JAVA update is running. After taking the pcap file, you have to analyze the header to get the request information i.e "java version".
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!