This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

About Sec101

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
Sec101
‎04-23-2024
since ‎09-29-2020
L4 Transporter
User Activity
User Profile
Latest posts by Sec101
View All
User Badges
Community Statistics
Member Since ‎09-29-2020 09:35 AM
Date Last Visited ‎04-23-2024 03:20 PM
Posts 128
Total Likes Received 5

Re: Enforcing Global Protect Connection Issue

by in General Topics
‎01-26-2021 09:17 AM
‎01-26-2021 09:17 AM
Commenting here to follow.    ... View more

Re: Layer 3 Subinterfaces VM-Series Firewalls VLAN 4095

by in General Topics
‎01-21-2021 03:37 PM
‎01-21-2021 03:37 PM
@reaper  -pleasure hearing from you.  Very good to know! ... View more

Layer 3 Subinterfaces VM-Series Firewalls VLAN 4095

by in General Topics
‎01-21-2021 02:36 PM
‎01-21-2021 02:36 PM
When it comes to vm series firewalls, Layer 3 subinterfaces, trunks and port groups, are there any downsides/catches/cautions to setting the ESXI port group to use vlan 4095 (trunk), and then simply utilize layer 3 subinterfaces on the vmseries firewalls with 1 NIC?  Article noted below, using just like a normal trunk if I understand correctly? Seems to work as expected as long as I have the TAG number on the firewalls interface.  Wondering if anyone has had problematic experiences with a setup like this?  I don't think we've ever used a trunk interface marked as 4095 going to anything.   Plenty of switching trunks and cisco routers on a stick, but never from an ESXI host trunking to a virtualized palo alto with layer 3 interfaces.   Should work as expected?    https://kb.vmware.com/s/article/1004252 ... View more

Re: Slow Google searches on 9.0

by in General Topics
‎12-10-2020 07:54 AM
‎12-10-2020 07:54 AM
@jmurphy     I'll be looking forward to hearing back on your TAC case too.     @Dpeters1  update http2 decoder?  You mean on the firewall itself - or on the browser? ... View more

Re: Slow Google searches on 9.0

by in General Topics
‎12-09-2020 09:31 AM
‎12-09-2020 09:31 AM
you could reproduce on other browsers?    ... View more

Re: Slow Google searches on 9.0

by in General Topics
‎12-08-2020 06:34 AM
‎12-08-2020 06:34 AM
I wonder why it makes for such a slow search on http/2 connections?   It only appears to be on chrome too.   Other browsers work fine. ... View more

Re: Slow Google searches on 9.0

by in General Topics
‎12-03-2020 01:53 PM
‎12-03-2020 01:53 PM
It does seem that "strip alpn" fixes the slow responses.   It fixes it almost completely.   Yes- we do block quic, so maybe that is part of the issue?      I'm surprised more people haven't seen/had this issue.   It does seem like strip ALPN fixes that - but isn't that downgrading the connection?   So what is the point of going to 9.0 with http/2 if you can't use it?   So does 10.0 fix this?   Too early for us to go that route. ... View more

Re: SSL Decryption: ERR_HTTP2_INADEQUATE_TRANSPORT_SECURITY

by in General Topics
‎12-02-2020 06:21 AM
‎12-02-2020 06:21 AM
same problem.  strip alpn fixes. Chrome is leading browser.   How can palo not have noticed this?    ... View more

Re: TLS 1.3 Encrypted SNI No-Decrypt URL Categories

by in General Topics
‎11-20-2020 06:13 AM
‎11-20-2020 06:13 AM
Thank you for the reply!  Always good to hear from you.      I'm wondering about the effectiveness of URL categories that are not decrypted on the firewall in a TLS1.3 world.  Do they become worthless?     Found the below link, but it still doesn't give a lot of info on the tls1.3 encrypted SNI.    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClzlCAC  ... View more

TLS 1.3 Encrypted SNI No-Decrypt URL Categories

by in General Topics
‎11-19-2020 10:45 AM
‎11-19-2020 10:45 AM
In non decrypted tls 1.3 traffic, how is the firewall in 10.0 seeing the URL that a user requests and how is it enforcing that category?  I've read that tls1.3 encrypts the SNI field, which from my understanding, is the primary way the palo firewalls read and implement URL categories on non-decrypted traffic.      If we don't decrypt on certain traffic (ex. financial), and that traffic is tls1.3, how is the firewall seeing a destination, other than an IP address, and how is it trying to utilize what it sees to a URL category?     I've read below, but still a bit foggy on this, as would this break URL categories period for non-decrypted traffic? https://live.paloaltonetworks.com/t5/general-topics/url-filtering-tls-1-3-website/m-p/244821#M69839  ... View more

Re: Custom App for CRL downloads

by in General Topics
‎11-18-2020 07:03 AM
‎11-18-2020 07:03 AM
Yes, appears to be working ok for us. ... View more

Re: Slow Google searches on 9.0

by in General Topics
‎11-11-2020 04:35 PM
‎11-11-2020 04:35 PM
it's interesting, as I see really long "Stalled" - some up to 50 -60 seconds.   All of these searches have the "h2" protocol involved.   If I strip alpn, all returns to normal and I can't replicate it.   All of the issues starts with a fresh window of chrome, and the first search you enter.   Below of an h2 transaction for a simple google search:   ... View more

Re: Slow Google searches on 9.0

by in General Topics
‎11-10-2020 06:32 PM
‎11-10-2020 06:32 PM
Just random ones, but it's the majority.   Seems you can replicate by closing the browser and relaunching it and googling something.  Even went as far as allowing web advertisements category for google-base, to see if that would help.   Same thing.   Edge surfs just fine, even on google.   Just chrome.   Anything to do with this? https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-err-http2-inadequate-transport-security/td-p/306467  ... View more

Re: Slow Google searches on 9.0

by in General Topics
‎11-10-2020 02:46 PM
‎11-10-2020 02:46 PM
This is interesting.   is there a plugin you suggest that is best for this? ... View more

Slow Google searches on 9.0

by in General Topics
‎11-10-2020 09:34 AM
‎11-10-2020 09:34 AM
Recently we changed to 9.0 code.   We are running decryption on our firewalls.   I've seen some very slow google searches recently, and a few errors when searching all while  using chrome.  Eventually the page will load the search if I wait long enough.   It's almost like chrome is failing the search at first, and then succeeding?   Wondering if this has something to do with http2 decryption? ... View more
Register or Sign-in
Contact Me
Online Status
Offline
Date Last Visited
‎04-23-2024 03:20 PM
Latest Tags
No tags yet
Likes Given To
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks