This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew

About Raido_Rattameister

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Raido_Rattameister
‎10-09-2025
Cyber Elite
since ‎02-10-2015
Cyber Elite
User Activity
User Profile
Latest posts by Raido_Rattameister
View All
User Badges
Community Statistics
Member Since ‎02-10-2015 12:44 AM
Date Last Visited ‎10-09-2025 12:25 PM
Posts 1,645
Total Likes Received 518

Re: VPN question

by Cyber Elite in General Topics
‎08-03-2016 10:14 AM
‎08-03-2016 10:14 AM
Phone built in vpn client works like a charm. ... View more

Re: URL Filtering vs. Dynamic Block Lists

by Cyber Elite in General Topics
‎07-26-2016 08:17 AM
‎07-26-2016 08:17 AM
If you use them in diferent securiy policies then the one that is attached to top rule (rules are evaluated top to down) will take effect.   ... View more

Re: Threat Prevention - Qualys PCI

by Cyber Elite in General Topics
‎07-26-2016 07:59 AM
‎07-26-2016 07:59 AM
Those scans are really strange. If firewall blocks then result is "interference". If firewall does not block then result is "unneeded open services" (we use 1-to-1 static nat mapping).   One option is to push scan in 2 steps. First without specific rules in place to see what regular internet users see and second scan with top rule that permits anything from Qualys IP's during scan period. Security profile "log only" for this traffic.   Also you have to set zone protection profile to log only during scan period. For second scan if you do it in 2 steps. ... View more

Re: PaloAlto T Shirt on completion on ACE

by Cyber Elite in General Topics
‎07-11-2016 06:25 AM
‎07-11-2016 06:25 AM
Unfortunately t-shirt campaign is discontinued. ... View more

Re: session end threat

by Cyber Elite in General Topics
‎06-29-2016 03:41 PM
1 Kudo
‎06-29-2016 03:41 PM
1 Kudo
Look what the session id is. Go to threat log and filter out this session id to find the cause. Traffic log will not tell you the cause. ... View more

Re: How to bound an ACL to GP VPN client

by Cyber Elite in General Topics
‎06-28-2016 09:39 AM
‎06-28-2016 09:39 AM
Those destinations that you covered with black box. Are they address objects? They have 0 at the end so I assume they have some subnetmask also set? ... View more

Re: Blocking EXE files but allowing file names

by Cyber Elite in General Topics
‎06-28-2016 06:31 AM
‎06-28-2016 06:31 AM
You have to have 2 seperate security policies and 2 seperate File Blocking profiles. Top sec policy will allow download of executables and you have URL category attached to it. ... View more

Re: How PA can replace a Proxy

by Cyber Elite in General Topics
‎06-28-2016 05:27 AM
1 Kudo
‎06-28-2016 05:27 AM
1 Kudo
You have to have URL profile added to security policy that matches traffic. All categories should be at least with "alert" action. Allow action permits but does not log.   Palo can replace proxy. All you miss is content caching (but nowadays with dynamic websites it is not important) and URL rewrites.   And if you want to export the data then Device > Scheduled Log Export gives you option to export URL filtering log nightly to FTP or SCP server. ... View more

Re: Application: Incomplete

by Cyber Elite in General Topics
‎06-28-2016 01:43 AM
‎06-28-2016 01:43 AM
You can filter incomplete out today aswell. (rule eq 'Allow all') and (app neq incomplete) ... View more

Re: Application: Incomplete

by Cyber Elite in General Topics
‎06-28-2016 01:41 AM
‎06-28-2016 01:41 AM
Be aware that now you allow every application that Palo does not recognize on those ports. So if you have strickt list of apps you permit or block unknown-tcp then you should add random signature to the custom app. ... View more

Re: Application: Incomplete

by Cyber Elite in General Topics
‎06-28-2016 01:31 AM
‎06-28-2016 01:31 AM
In old days Palo's traceroute application had port 80 as standard port so I had top rule to permit outgoing traceroute and it collected all incompletes under it. Now you probably should create some custom application on port 80 and allow this with top rule. If this custom application has no signature and Palo identifies more specific one it has built in (like web-browsing) then your custom app will be overridden by built in signature. But this first custom rule would catch incompletes.   Edit: Better yet - add some random signature to your custom rule so that it would never match. If you don't add then unknown-tcp might get through. ... View more

Re: Application: Incomplete

by Cyber Elite in General Topics
‎06-27-2016 11:31 PM
‎06-27-2016 11:31 PM
You can't block incomplete because TCP has 3way handshake at beginning and if this does not complete or there is no traffic after 3way handshake then Palo logs this traffic as incomplete.   For example when you try to access external FTP server that is down at the moment then your computer sends out SYN packet. Nothing comes back. In log you see 1 packet sent, 0 packets received. And application is incomplete.   https://live.paloaltonetworks.com/t5/Management-Articles/Not-Applicable-Incomplete-Insufficient-Data-in-the-Application/ta-p/65711   You could run report on machines that generate most incomplete sessions and might want to check why. Maybe they are infected with malware and are trying to call home and find C&C servers. ... View more

Re: How to bound an ACL to GP VPN client

by Cyber Elite in General Topics
‎06-27-2016 11:24 PM
1 Kudo
‎06-27-2016 11:24 PM
1 Kudo
Usually companies have 2 AD groups. VPN Users VPN Users third party   Policy that permits traffic from Globalprotect zone to LAN has only VPN Users group attached. VPN Users third party has no default access to lan (ok maybe towards domain controller to auth and resolve dns).   And then you add specific sec policies to every contractor who needsd access to your network.   In your case it might be temporary step to create top rule to allow from this user to access resource you need and second rule below it to block anything else from that user (don't forget to put his username to user field).   If you have 0.0.0.0/0 route towards your network then you probably want to allow contractor to access wan zone aswell not to cut his internet 🙂 ... View more

Re: Blocking EXE files but allowing file names

by Cyber Elite in General Topics
‎06-27-2016 09:31 AM
2 Kudos
‎06-27-2016 09:31 AM
2 Kudos
Create custom URL category. Add download.citrixonline.com into it. Allow download of executables (for specific users) from that URL category. ... View more

Re: How to identify long live session(s) ?

by Cyber Elite in General Topics
‎06-27-2016 03:33 AM
‎06-27-2016 03:33 AM
In this case all security policies should have "log at session start" that is not default. It is nice option but writes a lot more log and log retention period is shorter. ... View more
Register or Sign-in
Contact Me
Online Status
Offline
Date Last Visited
‎10-09-2025 12:25 PM
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks