This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Block on APP-ID (Apache Log4j )

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Block on APP-ID (Apache Log4j )

Scott64
L1 Bithead

‎12-13-2021 04:37 AM

Hello All,

After a bit of help ...I' have never created a block type rule on a Palo and now my boss wants me to create a .block rule for the above.

We have about 300 policies in the our firewall so no idea how to create a block and apply it .

Can anybody give me any pointers ? 

 

Regards

 

 

1 person had this problem.
3 REPLIES 3

Sample_Wu
L0 Member

‎12-14-2021 07:14 PM

You need to do it by applying vulnerability security profile to each policy, or edit the security profiles you already applied to the security rules.

 

But, the default action of log4j vulnerability signatures are "reset-server" and severity are critical:

Sample_Wu_0-1639537778768.png

 

You just need to make sure the rule in each security profile is included severity critical and action is default or other suitable type, as below screenshot of the default profile:

Sample_Wu_1-1639537997579.png

 

just provide me thought for you as a reference.

 

Regards,

Sample

 

Scott64
L1 Bithead
In response to Sample_Wu

‎12-15-2021 03:32 AM

Hi - Thanks for that  - I have created what I hope is correct.

 

Capture0.PNG

 

Capture1.png

 Regards

 

 

0 Likes Likes

Kuhic567
L1 Bithead

‎02-15-2022 01:46 AM

@Scott64 wrote:

Hello All,

After a bit of help ...I' have never created a block type rule on a Palo and now my boss wants me to create a .block rule for the above.

We have about 300 policies in the our firewall so no idea how to create a block and apply it .

Can anybody give me any pointers ? 

 

Regards

 

 

Upgrade to Log4j 2.3.2 (for Java 6), 2.12.4 (for Java 7), or 2.17.1 (for Java 8 and later).

In prior releases confirm that if the JDBC Appender is being used it is not configured to use any protocol other than Java.

Note that only the log4j-core JAR file is impacted by this vulnerability. Applications using only the log4j-api JAR file without the log4j-core JAR file are not impacted by this vulnerability.

Also note that Apache Log4j is the only Logging Services subproject affected by this vulnerability. Other projects like Log4net and Log4cxx are not impacted by this.

 

0 Likes Likes
  • 3885 Views
  • 3 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks