Block on APP-ID (Apache Log4j )

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Block on APP-ID (Apache Log4j )

L1 Bithead

Hello All,

After a bit of help ...I' have never created a block type rule on a Palo and now my boss wants me to create a .block rule for the above.

We have about 300 policies in the our firewall so no idea how to create a block and apply it .

Can anybody give me any pointers ? 

 

Regards

 

 

3 REPLIES 3

L0 Member

You need to do it by applying vulnerability security profile to each policy, or edit the security profiles you already applied to the security rules.

 

But, the default action of log4j vulnerability signatures are "reset-server" and severity are critical:

Sample_Wu_0-1639537778768.png

 

You just need to make sure the rule in each security profile is included severity critical and action is default or other suitable type, as below screenshot of the default profile:

Sample_Wu_1-1639537997579.png

 

just provide me thought for you as a reference.

 

Regards,

Sample

 

Hi - Thanks for that  - I have created what I hope is correct.

 

Capture0.PNG

 

Capture1.png

 Regards

 

 

L1 Bithead

@Scott64 wrote:

Hello All,

After a bit of help ...I' have never created a block type rule on a Palo and now my boss wants me to create a .block rule for the above.

We have about 300 policies in the our firewall so no idea how to create a block and apply it .

Can anybody give me any pointers ? 

 

Regards

 

 


Upgrade to Log4j 2.3.2 (for Java 6), 2.12.4 (for Java 7), or 2.17.1 (for Java 8 and later).

In prior releases confirm that if the JDBC Appender is being used it is not configured to use any protocol other than Java.

Note that only the log4j-core JAR file is impacted by this vulnerability. Applications using only the log4j-api JAR file without the log4j-core JAR file are not impacted by this vulnerability.

Also note that Apache Log4j is the only Logging Services subproject affected by this vulnerability. Other projects like Log4net and Log4cxx are not impacted by this.

 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!