08-24-2022 06:02 PM - edited 08-24-2022 10:19 PM
How to allow NordVPN after applying the BPA suggestions for the Advanced Threat license?
I use a NordVPN FlashRouter, but page.asp cannot load and even a blank white page is shown.
I removed the high risk and medium category blocking, but that cannot solve it.
The PA220 is configured with C2 (command and control) traffic blocking, but I cannot find the reason for the blocking and cannot find which log represents the block, because users are using the firewall at the same time.
Is it possible to tag this FlashRouter page.asp traffic to find the cause?
So far I have added a temporary rule after the first rule (the malicious IP list block) to allow ssl and web-browsing as a workaround, but it needs to be disabled and enabled every time OpenVPN is down. OpenVPN may accumulate a value of over 8GB in the counter; I do not know whether this value is too large, or whether the OpenVPN flow is down because the 8GB is stored?
Now I know it is not the C2 block, because after the temporary rule come the QUIC block rule, the category block rule, and the SSH tunneling, SSH and telnet block rule. These are the suspected rules.
08-31-2022 02:33 AM
Better to see this article to discover which rule blocks your traffic, as you may have a rule where you have not enabled "log at the session end", and this is why you do not see anything:
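The reply above points at rules without "Log at Session End" as the reason nothing appears in the traffic log. As an added example (not from the thread or from Palo Alto Networks), this Python script lists the enabled blocking rules in an exported configuration that have session-end logging switched off. The sample XML and rule names are constructed, and the script assumes a missing `log-end` element means the setting is at its default of enabled.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like a PAN-OS security rulebase export.
# Rule names are made up, modelled on the rules described in this thread.
SAMPLE_CONFIG = """
<config><devices><entry name="localhost.localdomain"><vsys><entry name="vsys1">
<rulebase><security><rules>
  <entry name="block-malicious-ip"><action>deny</action><log-end>yes</log-end></entry>
  <entry name="temp-allow-ssl-web"><action>allow</action></entry>
  <entry name="block-quic"><action>deny</action><log-end>no</log-end></entry>
  <entry name="block-url-categories"><action>deny</action><log-end>no</log-end>
    <log-start>yes</log-start></entry>
  <entry name="block-ssh-telnet"><action>drop</action><log-end>no</log-end>
    <disabled>yes</disabled></entry>
</rules></security></rulebase>
</entry></vsys></entry></devices></config>
"""

# Security rule actions that stop a session.
BLOCKING_ACTIONS = {"deny", "drop", "reset-client", "reset-server", "reset-both"}


def silent_block_rules(config_xml):
    """Return (position, name, action) for enabled blocking rules whose
    session-end logging is off, in rulebase (top-down) order."""
    root = ET.fromstring(config_xml)
    findings = []
    rules = root.iterfind(".//rulebase/security/rules/entry")
    for position, rule in enumerate(rules, start=1):
        if rule.findtext("disabled", default="no").strip() == "yes":
            continue  # a disabled rule cannot be the one blocking traffic
        action = rule.findtext("action", default="allow").strip()
        # Assumption: an absent <log-end> element means logging is enabled.
        log_end = rule.findtext("log-end", default="yes").strip()
        if action in BLOCKING_ACTIONS and log_end != "yes":
            findings.append((position, rule.get("name"), action))
    return findings


if __name__ == "__main__":
    for position, name, action in silent_block_rules(SAMPLE_CONFIG):
        print(f"rule {position}: {name} ({action}) has no session-end logging")
```

Each rule it reports is a candidate for enabling "Log at Session End" before retesting, so the block shows up in the traffic log with its rule name.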
08-31-2022 02:49 AM
Last week the temporary allow rule worked at rule three, after the malicious IP block rule and before the adult, high risk, medium risk and malware risk blocks.
Today this rule does not work; page.asp on the FlashRouter shows a blank page. I have to connect the outside cable back to the WiFi router to make page.asp load first in Firefox on mobile, and then connect back to the Palo Alto outside port to use page.asp.
Last week this rule was for showing the OpenVPN location and provider dropdown list. Today the application filter allowing US, CA, GB with the ssl and web-browsing apps does not work to show page.asp, because the whole page.asp is blank today.
I find the log shows this rule has the characteristics malware and medium risk, so I suspect the category rule blocks it, but there is no exception option in category blocking and the Objects section, which makes the rules conflict. I also need to enable and disable the temporary rule when OpenVPN is unstable and I need to press disconnect and connect again.
09-01-2022 02:01 AM
Today I think that I need to buy a second FlashRouter, one outside and one in the DMZ, in order to see inside the OpenVPN traffic and, at the same time, have page.asp not blocked,
because if I negate the US location, other US high risk can bypass the rule.
Though I worry the FlashRouter page.asp is a fake page, I checked that the sessions all show the OpenVPN destination IP is in the correct country I chose.