Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Problem with CDN and AVG Update

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Problem with CDN and AVG Update

L1 Bithead

Hi

I have an issue about AVG and CDN. I used PA 220 with Details :

Software Version 10.0.6
Application Version 8435-6846 (07/27/21)
Threat Version 8435-6846 (07/27/21)
Antivirus Version 3791-4302 (07/28/21)
Network Layer 3

1. AVG Update

Regarding this issue, when I created specific rule with source IP address my workstation for AVG with application avg-update and I try hit update avg from my workstation. AVG  update always failed, can not update. And I tried create specific rule with source IP address my workstation and application any, and I tried hit update avg from my workstation, sometimes failed and sometimes succeed. when I looked traffic AVG on Log Monitor Paloalto. Traffic AVG used avast-av-update or ssl application not used avg-update application. I have already update dynamic update to latest. the result always same, traffic used ssl and avast-av-update, sometime succeed updated and sometimes failed. Could community give me clue for resolve this issue, please?

 

2. CDN

I could access this CDN http://global.oktacdn.com/ with http (web browsing app), but when used ssl I can not access https://global.oktacdn.com/  https://koows.com/, refresh  the , connection always reset. I used two platform windows and linux, the results always same. It is very unique, when I checked on Log:

- There is no traffic ssl arrived to paloalto from both platform

- there is no blocking from URL or Threat or Data Filtering

If I open github.com, google.com with ssl or another web with ssl, it is fine. I could open url expected global.oktacdn.com.

Could anyone give me clue for resolve this issue, please?

Thanks in advance

Jamwalriti

1 REPLY 1

Cyber Elite
Cyber Elite

@Jamwalriti,

Are you actually logging interzone-default traffic (or have you created a logged catch-all rule)? Are you decrypting outbound traffic? 

A default lab device running the latest dynamic updates and a basic rulebase configuration has no issue accessing the CDN address that you have listed above through either HTTP or HTTPS connections. 

  • 1866 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!