SSL Certificate Profiles - PANOS External Dynamic Lists

L0 Member

I'm running into an issue with external dynamic list threat feeds while using PAN-OS 8. The problem is that it seems they introduced a great feature to validate and authenticate SSL sources by validating the signing CA for the threat feeds that can induce access rule entries. This is great, although the problem I'm facing is that the implementation of the new safeguard features requires the enforcement to be controlled locally on the firewall. What!! That is great if you manage 1 firewall, but my organization has close to a dozen or more Palo devices that we manage with Panorama. The requirement to manage ACLs based on the local firewall rules completely changes the architecture we had in place prior to PAN-OS 8. Our pre-shared and device group ACLs, which we used to safeguard against our prioritized risk blacklist while using MineMeld, have been altered. We can no longer utilize MineMeld threat intelligence feeds at this level (Panorama ACL processing level) with PAN-OS 8. Since our pre firewall rules are processed before our local firewall rules, our blacklist rule that is processed at Panorama pre-shared is no longer effective. We have in the past been providing a large threat feed from MineMeld into this ACL to blacklist malicious IPs and aggregate other third-party feeds into this protection method.
 
Please tell me I have my PANOS logic wrong?


Tim
