Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Live
- ›
- About KiCheon.Lee
About KiCheon.Lee
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
11-01-2019
198Posts
14Likes
2Solutions
Nov 01, 2019Last Visited
User
Activity
User
Profile
Latest posts by KiCheon.Lee
| Subject | Views | Posted |
|---|---|---|
| 730 | 10-28-2019 06:38 PM | |
| 864 | 01-03-2017 01:11 AM | |
| 1007 | 05-10-2016 02:15 AM | |
| 1391 | 05-10-2016 02:06 AM | |
| 1397 | 05-09-2016 11:40 PM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 | 02-10-2016 06:27 PM | |
| 1 | 10-12-2015 12:12 AM | |
| 1 | 08-18-2015 07:34 PM | |
| 1 | 08-18-2015 09:30 PM | |
| 2 | 02-06-2014 08:21 PM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 1 | |||
| 4 | |||
| 1 | |||
| 1 | |||
| 3 |
User Badges
Public Statistics
| Date Registered | 04-29-2011 08:30 AM |
| Date Last Visited | 11-01-2019 12:58 AM |
| Total Messages Posted | 202 |
| Total Likes Received | 14 |
02-04-2015
01:09 AM
Hello, I need your help. PA identify to RSH app-id when use tcp/514(standard port). And PA also dentify to R-EXEC app-id when use tcp/512. But PA identify to unknown-tcp when these applications use to change TCP port to 80. Would theses applications depend standard port??? Thanks.
... View more
- Tags:
- app_id
Labels:
01-26-2015
11:15 PM
Hello I need your help. I look out flow_sfpwq_taildrop counters increase high when I monitor PA. So I wonder what this counter mean. And I also wonder whether this counter influence real traffic or not. Thanks.
... View more
- Tags:
- global_counter
Labels:
12-10-2014
01:51 AM
Thank you for your answer. Do you think same that many users use a same account?
... View more
12-09-2014
11:35 PM
Hello, My customer' office use SSL-VPN with Cisco ASA. We are going to change Paloalto FW instead of ASA. All employees use shared a account for SSL-VPN. How many users can a account connect into global protect? It is used a same account. Thanks, KC Lee
... View more
- Tags:
- global-protect
Labels:
11-27-2014
06:47 AM
Hello, I am testing to allow for FTP(all both active & passive mode) on A-A with asymmetric routing environment. Session of control channel on FTP such as login has no problem. But I can not connect data-channel. It seems cutting data session. So I tried packet capture in FW. Syn/Ack packet on data-channel was dropped by FW. I guess root cause of this issue is FW can not synchronize predict session on A-A with asymmetric routing environment? Is it right? I need your advise. Thanks, KC Lee
... View more
Labels:
11-18-2014
09:12 PM
Hello. I have a question about other ip flood in dos protection. Is other ip flood all protocol excepted TCP , UDP and ICMP? I want to know protecting ack flood. Thanks and Regards.
... View more
- Tags:
- dos_protection
Labels:
10-22-2014
06:59 PM
1 Kudo
Wow~. Thank you very much~ Roh, dreputi, hshah, panos. My worry is broken by you and get good energy.
... View more
10-22-2014
03:14 AM
Hello. I want to make the following network-diagram. Is it possible? A Cisco Nexus Paloalto VRF-1 ----------------------> eth1/1.1 | 1.1.1.1 | VR : default | trust tag 10 | | VRF-2 <--------------------- eth1/1.2 | 2.2.1.1 | VR : default | untrust tag 20 1. Traffics go into sub-interface eth1/1.1 with tag 10. 2. FW process routing and policing. 3. Traffics go out from sub-interface eth1/1.2 with tag 20. Two sub-interfaces are on same physical interface. Thanks, KC Lee
... View more
- Tags:
- sub-interface
Labels:
10-21-2014
02:04 AM
Hello, I want to make custom application(or vulnerability) from MIME type. EXE of MIME Type is 'application/x-msdownload' So I made two customer applications as the following patterns. 1. application/x\-msdownload 2. \x61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 64 6f 77 6e 6c 6f 61 64\x But FW detected these custom applications which are tried to use many contexts. What did I mistook? What is wrong? Thanks, KC Lee
... View more
- Tags:
- custom-app
Labels:
09-24-2014
10:24 PM
Hi hshah, Thanks you for your answer. are All WildFire signatures for PE made up w.generic??? And Is it possible that add range Virus IDs to virus exception? Regards, KC Lee
... View more
09-22-2014
07:49 PM
Hi ssharma, Thank your very much for your answer. It helps me so clear. Thanks, KC Lee
... View more
09-22-2014
07:44 PM
Thanks for your answer, Jacob and Hardik Shah. I already knew a way how to add a threat exception. But this method is I have to add each threat-IDs. My customer wants to add some automatic method. Do you know the ranged of w.generic virus signature IDs??? Thanks, KC Lee
... View more
09-22-2014
10:40 AM
Dear Steven, I have a question after have read your comment. We use a self-generated certificate with 2048 bits from FW for ssl outbound decryption. But we always see 1024 bits certificate when connecting to facebook. 2048 bits certificate can be generated by FW-self, but can not use to decryption. because FW does not support. Right? Thanks and Regards, KC Lee
... View more
09-22-2014
09:37 AM
1 Kudo
Hello Roh, I have a question after have read your question. Can you input double-bytes on CLI window? I have nerver succeeded to input double-bytes on CLI. Please let me know how to input it. Thanks, KC Lee
... View more
09-22-2014
01:43 AM
Hello My customer think all w.generic virus signarues would have false-positive. So he want to make a virus profile excepted all w.generic signatures. Can it be made? Thanks.
... View more
- Tags:
- anit-virus
Labels:
09-04-2014
07:31 PM
Hi csharma, Thanks for your answer. It help me very useful. But my customer want to filter partial characters on many groups. Do you know another way excepted same group? We can not category group by partial characters. Thanks
... View more
08-27-2014
07:41 PM
Thanks for your answer, csharma. But we use xml method not AD with LDAP. In case, How should I use filtering? Thanks
... View more
08-25-2014
10:20 PM
Hello HULK, First, Thanks for your answer. I already looked above liked document. and I also tried to use "in SA" in the filter. But I could see nothing logs in traffic logs. In addition, PANOS is 5.0.10. Thanks
... View more
08-25-2014
08:23 PM
Hello, What difference are between 'user eq' and 'user in' in filter of traffic logs? I want to see output which is filtered by partial user-ID not full user-ID. For example, There are as below user-IDs. SA10001 SA10002 UQ20001 UQ20002 ....... I want to filter for all started 'SA' users in traffic logs. KC Lee
... View more
Labels:
08-06-2014
10:28 PM
Hello, I have seen the below link and I have known FW can not decode Sliverlight about filename. Filenames of Hotmail Email Attachments do not Appear in the Data Filtering Logs So I want to know all kinds list which FW can decode for filename. Please let me know it. Thank you KC Lee
... View more
- Tags:
- file_blocking
Labels:
07-08-2014
07:26 AM
Hello, I am doing performance test with Breaking Point about throughput , CPS. While testing, I have found drop counters as below. session_dup_pkt_drop 701 3 drop session resource Duplicate packet: Applies only for multi-DP plat form with hardware (Tiger) broadcasting pkt to all DPs What does this mean??? KC Lee
... View more
Labels:
06-17-2014
09:01 AM
Hello, My customer made vulnerability signature in FW. But FW doesn't detect this signature. Customer Vulnerability Signature context : http-req-message-body pattern : eval\(gzinflate\(str_rot13\(base64_decode I am searching this but I don't know. So I need your assistance for it. I have read Creating_Custom_Signatures-RevA.pdf document This document describe as the following message. http-req-message-body Description: Body content of a HTTP request when the body content cannot be recognized as URL encoded or MIME type data using the Content-type field. Do you know to relate between not detecting signature and this description?? Thanks
... View more
06-17-2014
12:19 AM
Hello, My customer made vulnerability signature in FW. But FW doesn't detect this signature. Customer Vulnerability Signature context : http-req-message-body pattern : eval\(gzinflate\(str_rot13\(base64_decode I am searching this but I don't know. So I need your assistance for it. I have read Creating_Custom_Signatures-RevA.pdf document This document describe as the following message. http-req-message-body Description: Body content of a HTTP request when the body content cannot be recognized as URL encoded or MIME type data using the Content-type field. Do you know to relate between not detecting signature and this description?? Thanks
... View more
Labels:
06-10-2014
02:33 AM
1 Kudo
Thanks Roh. Your monitoring always gives me a scare. Anyway, I need a detail version. For example, 0.9.8p or 0.9.8za or etc.
... View more
05-22-2014
10:58 PM
Hello, I am creating custom application. I have been faced a problem. There are two URL below, http://live.sports.media.daum.net/cast/baseball/relay?game_id=71014605#text http://live.sports.media.daum.net/cast/baseball/relay?game_id=71014605#hdvod Both are baseball streaming-service. But one is text base streaming-service. The another is video base streaming-service. My customer want to allow text base streaming and block video base streaming. Can I create two custom application to identify http fragment(#text , #hdvod)? Thanks and Regards, KC Lee
... View more
Labels:
05-20-2014
05:58 AM
Well, Why does a image file nee authentication??? Regards, KC Lee
... View more
05-20-2014
05:53 AM
HI Narong, Thank you so much. I searched this messages but I did not see the above document. It helps me very useful. Regards, KC Lee
... View more
05-20-2014
02:29 AM
Hi FW can no update anti-virus signature. Please look at the following logs. admin@PA-3050> request anti-virus upgrade install file panup-all-antivirus-1278-1748.tgz Content install job enqueued with jobid 4 4 admin@PA-3050> show jobs processed Enqueued ID Type Status Result Completed -------------------------------------------------------------------------- 2014/05/20 18:24:10 4 Install FIN FAIL 18:24:11 2014/05/20 18:20:01 3 Commit FIN OK 18:20:11 2014/05/20 18:16:38 2 Install FIN FAIL 18:16:40 2014/05/20 18:11:02 1 AutoCom FIN OK 18:11:32 admin@PA-3050> show jobs id 4 Enqueued ID Type Status Result Completed -------------------------------------------------------------------------- 2014/05/20 18:24:10 4 Install FIN FAIL 18:24:11 Warnings: Details:content update failed with the following messages: Image File Authentication Error Failed to extract rpm file /opt/pancfg/mgmt/av-images/tmp/panup-all-antivirus-1278-1748.tgz What do the above messages mean? What should I do for solution? Thanks KC Lee
... View more
- Tags:
- anti_virus_updates
Labels:
Latest Blogs
Latest Posts
Copyright 2007 - 2020 - Palo Alto Networks
