1: I have critical alerts in AIOPS that, when corrected, are still being reported in the console and not configured:
Outbound High Risk IP Addresses Not Blocked:
Configure and enable a deny rule with the 'Palo Alto Networks - High risk IP addresses' EDL in the destination address, Log at Session End enabled, along with a Log Forwarding Profile, OR an allow rule with the same configurations along with Antivirus, Vulnerability Protection, Anti-Spyware and URL Filtering profiles configured
I also have similar for the "Inbound".
2: Undecrypted Traffic Settings Not Set To Recommended
The following options need to be enabled: block_expired_certificate, block_untrusted_issuer
If I follow the recommended steps in AIOPS the non-decrypted excluded sites are blocked.
3: File Blocking Profile Not Strict
I have one user that uses the website Canva.com, and if I apply the Strict File Blocking profile to that specific user ID, Canva.com stops working because it uses Windows PE to display images in the site.
How can I get these sorted? I am pulling my hair out double and triple checking configs.
Finally, AIOPS is grading the default "READ ONLY" objects like URL Filtering, Anti-Spyware, Antivirus etc. and preventing the firewall from moving from Orange (Fair) to Good (Green) in the Device Security Dashboard.
Can you do a forced manual AIOPS scan of the firewall instead of having to wait on the automatic scan every 24 hrs?
Please help
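One way to double-check the first two alerts locally before the next AIOps scan is to audit an exported PAN-OS XML config for exactly the conditions the alert text lists. The script below is an added example, not the poster's config or Palo Alto's tooling; the element paths (rulebase/security/rules, profile-setting/profiles, ssl-no-proxy/block-expired-certificate and block-untrusted-issuer) are assumptions based on typical exported configs and the constructed sample is not a real device export.

```python
# Added example: audit a PAN-OS XML config for the "High Risk IP Addresses Not Blocked"
# and "Undecrypted Traffic Settings" checks. Element paths are assumptions, not vendor API.
import xml.etree.ElementTree as ET

EDL = "Palo Alto Networks - High risk IP addresses"
PROFILES = ("virus", "vulnerability", "spyware", "url-filtering")  # assumed element names

# Constructed sample config: one compliant deny rule, one plain allow rule, one decryption profile.
SAMPLE = """<config><devices><entry name="localhost.localdomain"><vsys><entry name="vsys1">
<rulebase><security><rules>
 <entry name="Block-High-Risk-Out"><from><member>trust</member></from><to><member>untrust</member></to>
  <destination><member>Palo Alto Networks - High risk IP addresses</member></destination>
  <action>deny</action><log-end>yes</log-end><log-setting>default</log-setting></entry>
 <entry name="Allow-Web"><destination><member>any</member></destination><action>allow</action>
  <log-end>yes</log-end></entry>
</rules></security></rulebase>
<profiles><decryption><entry name="no-decrypt"><ssl-no-proxy>
 <block-expired-certificate>yes</block-expired-certificate>
 <block-untrusted-issuer>no</block-untrusted-issuer></ssl-no-proxy></entry></decryption></profiles>
</entry></vsys></entry></devices></config>"""


def rule_covers_edl(rule):
    """True if a security rule satisfies either branch of the alert: deny + log-end + log forwarding,
    or allow + log-end + all four security profiles, with the EDL as destination."""
    dests = [m.text for m in rule.findall("destination/member")]
    if EDL not in dests or rule.findtext("log-end") != "yes":
        return False
    action = rule.findtext("action")
    if action == "deny":
        return rule.find("log-setting") is not None
    if action == "allow":
        return all(rule.find(f"profile-setting/profiles/{p}/member") is not None for p in PROFILES)
    return False


def audit(xml_text):
    """Return a dict of check name -> pass/fail for the sample config."""
    vsys = ET.fromstring(xml_text).find("devices/entry/vsys/entry")
    rules = vsys.findall("rulebase/security/rules/entry")
    findings = {"high_risk_edl_rule": any(rule_covers_edl(r) for r in rules)}
    # Each decryption profile must have both no-decrypt block settings enabled.
    for prof in vsys.findall("profiles/decryption/entry"):
        for key in ("block-expired-certificate", "block-untrusted-issuer"):
            findings[f"{prof.get('name')}:{key}"] = prof.findtext(f"ssl-no-proxy/{key}") == "yes"
    return findings


if __name__ == "__main__":
    for check, ok in audit(SAMPLE).items():
        print(f"{'PASS' if ok else 'FAIL'}  {check}")
```

On a real export, replace SAMPLE with the file contents and confirm the paths match the device's XML before trusting a FAIL line.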