how to allow NordVPN after done suggestion of BPA for advanced threat license

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

how to allow NordVPN after done suggestion of BPA for advanced threat license

L2 Linker

how to allow NordVPN after done suggestion of BPA for advanced threat license?

I use flashrouter of nordvpn but page.asp can not load and even blank white page shown.

I remove high risk and medium category blocking but can not solve

PA220 configured C2 command and control traffic blocking but cannot find the reason of blocking and can not find which log represent the block because users are using firewall at the same.

Is it possible to tag this flashrouter page.asp traffic to find the cause ?

 

So far I added a temporary rule after the first block malicious IP list rule to allow ssl and web browsing for a workaround solution , but it need to disable and enable every time the openvpn is down. Openvpn may accumulate a over 8GB value in counter which I do not this value too large or due to the 8GB openvpn is stored so openvpn flow is down ?

 

Now I know not the C2 Block it , because after temporary rules are quic block rule and category block rule and SSH tunneling and SSH , telnet block rule. These are suspected rules

I am a Palo Alto user setup Palo Alto Firewall from new and clean Palo Alto from the beginning. Advanced threat, Wildfire, advanced URL and advanced DNS are my licenses.
3 REPLIES 3

L6 Presenter

Better see this article as to discover which rule blocks your traffic as you may have a rule where you have not enabled "log at the session end" and this is why to not see anything:

 

https://live.paloaltonetworks.com/t5/general-topics/knowledge-sharing-palo-alto-checking-for-drops-r...

last week temporary allow rule works at rule three  after malicious ip rule block and before adult and high risk and medium risk and malware risk blocked 

 

today this rule not work , page asp in flashrouter show blank page, i have to connect outside cable back to wifi router to make the page asp load first in firefox in mobile first  and then connect back to palo alto outside port to use page asp 

 

last week this rule is for show openvpn location and provider dropdownlist , today application filter allow US, CA , GB with ssl and web browsing app not work to show page asp because  whole page asp is blank today.

 

i find log show this rule has characteristic malware and medium risk, so i suspect category rule block , but there is no exception option in category blocking and object section, it makes rules conflict. and need to enable and disable temporary rule when openvpn unstable need to press disconnect and connect again.

 

 

I am a Palo Alto user setup Palo Alto Firewall from new and clean Palo Alto from the beginning. Advanced threat, Wildfire, advanced URL and advanced DNS are my licenses.

today I think that I need to buy second flash router , one is outside and one is dmz , in order to see inside openvpn traffic and at the same time , page asp not  blocked 

because negate US location , other US high risk can bypass rule.

though I worry flash router page asp is fake page, i check that session all show openvpn destination IP is the correct country I choose

 

I am a Palo Alto user setup Palo Alto Firewall from new and clean Palo Alto from the beginning. Advanced threat, Wildfire, advanced URL and advanced DNS are my licenses.
  • 2683 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!