This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

VPN disconnection when using the sbs robot, which performs queries to a certain page located in the internal network of an entity.

cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 

VPN disconnection when using the sbs robot, which performs queries to a certain page located in the internal network of an entity.

F.Pinar
L3 Networker

‎03-07-2025 10:54 AM

They mentioned that based on this behavior in which they think that this is a :

 

1.-Threat identification.
2.- VPN disconnection when using the sbs robot, which performs queries to a certain page located in the internal network of an entity (Judicial Power).

3. -Sbs query: add ip range in the policies so that a user group can access from vpn connection.

 

Have you ever had a case like this one ?

1 person had this problem.
2 REPLIES 2

BPry
Cyber Elite
Cyber Elite

‎03-08-2025 09:17 PM

@F.Pinar,

Can you provide more information on what this "sbs robot" is? Being identified as a threat doesn't immediately disconnect you from VPN by default, but it can depending on how you have things configured and what automation may be in play. This is something that you should be able to easily validate via the threat logs. Without knowing what this "sbs robot" is and what it's actively trying to accomplish it's difficult to provide any guidance.

 

 

0 Likes Likes

F.Pinar
L3 Networker

‎03-12-2025 11:15 AM

Moreover, I checked the URL 

https://urlfiltering.paloaltonetworks.com/
https://threatvault.paloaltonetworks.com/
URL: reinpros.pj.gob.pe
Categories: Government
Risk Level: Low-Risk
Category: Government
Description: Official websites for local, state, and national governments, as well as related agencies, services, or laws
Example Sites: www.ca.govwww.sfgov.orgwww.dmv.ca.gov
Risk Level: Low-Risk
Description: Any site that is not High Risk or Medium Risk. This includes sites that were previously confirmed as malicious but have displayed benign activity for at least 90 days
Example Sites: www.google.comwww.schwab.comwww.amazon.com
Besides, checked some reports based on the user mentioned "SBS_2"
2025-03-05 16:56:00.052 -0500 Error: pan_config_parse(pan_log_query.y:116): unable to parse single expr: dynusergroup_name in user.src eq 'sbs_2'
2025-03-05 16:56:00.128 -0500 Error: _pan_log_query_parse_single_expr(pan_log_query.c:12426): no function available for fieldname dynusergroup_name and op 3 for logtype 5
2025-03-05 16:56:00.128 -0500 Error: pan_log_query_parse_single_expr(pan_log_query.c:13222): failed to parse term: dynusergroup_name in user.src eq 'sbs_2' first round, try address expansion

 

 

PALO ALTO_PJ_07-03-25.PNG
Preview file
164 KB
0 Likes Likes
  • 402 Views
  • 2 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks