URL Access Error

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

URL Access Error

L1 Bithead

Hi all,

I have setup MineMeld on a VM and it seems to be working correctly but, when I setup the EDL on a PAN firewall and test it, I get a "URL access error" message on the firewall

clipboard_image_0.png

I have generated CA from Palo alto and i have created a certificate signed by this CA (with CN same of minemeld's hostename).After that, I have uploaded the certificate to minemeld and verified that the change was successful.

I also changed the service route of EDL.

Someone could help me?

Thanks

 

UPDATE:

I removed FEEDS_AUTH_ENABLED on /opt/minemeld/local/config/api/30-feeds-auth.yml and the EDL is accessible from PA (without authentication) but if i enable it i got the same error.

EC
3 REPLIES 3

L2 Linker

Sometimes this appears to be related to the TLS version configured on your MineMeld web server. For some strange reason, the PAN FW will only make the request to the webserver using TLS 1.0 and nothing higher.

 

If you see issues where the URL is unavailable or an access error check to see if TLS 1.0 is disabled.

 

A quick PCAP on. the MGT interface will show you what it's trying to negotiate.

 

tcpdump filter 'host your_dst_IP'

 

Jason

Hi @ethiSEC thank you for the answer.

Where can i check if TLS1.0 is enabled on minemeld?

Thanks

 

EC

You can check TLS version under Minemeld config file.

 

- Mayur

M
  • 6626 Views
  • 3 replies
  • 2 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!