Palo Alto scanning with Nessus

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Palo Alto scanning with Nessus

Cyber Elite
Cyber Elite

Hello,

Does anyone else out there scan their firewalls with Nessus? Just curious if you have some other definitions defined other than what tenable has listed on their support site. I've tried google but its not helping much.

 

Thanks in advance!

1 accepted solution

Accepted Solutions

This document https://www.sans.org/reading-room/whitepapers/auditing/palo-alto-firewall-security-configuration-ben... help guide you through all the basics to help ensue you are not missing anything  obvious. Taking a more agressive response with your IPS responses (default actions of reset and drop) and using an exception response of block-ip will reduce the effectiveness of a scanning tool.

 

Hope this helps,

 

Phil

View solution in original post

7 REPLIES 7

L4 Transporter

why are you scanning your firewall with nessus? are you getting useful information?

Compliance requirements from our customers. As for unseful info, not for me with the baked in plugins and compliance checks they have. It looks for some best practices stuff that could be useful to someone that has not configured everything or just a quick check to see if things are configured.

Very interesting - I would never have thought of scanning a firewall with nessus not sure that it would be much good

Yeah it can be handy to just make sure best practices are followed, etc.

L4 Transporter

Hey, 

 

I wanted to share my one case with Nessus.

 

https://discussions.tenable.com/message/32299#32299

 

Plugin ID 83875.

 

This is a false positiveand Nessus is working to fix this.

 

Thanks!

This document https://www.sans.org/reading-room/whitepapers/auditing/palo-alto-firewall-security-configuration-ben... help guide you through all the basics to help ensue you are not missing anything  obvious. Taking a more agressive response with your IPS responses (default actions of reset and drop) and using an exception response of block-ip will reduce the effectiveness of a scanning tool.

 

Hope this helps,

 

Phil

Doing more digging I also found the following its still beta however...

 

http://iase.disa.mil/stigs/Pages/index.aspx

 

  • 1 accepted solution
  • 9726 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!