About Remo

Are you able to access any website? Does a cert warning show up or does it work as expected? Or are just the websites working where you already ignored the cert warning? ... View more

@CastawayKid If the smtp connection is encrypted (SMTPs) then yes you will see an URL, but this normally the CN of the used certificate in such connections. The problem in your case is this cannot be used for incoming connections as you then only have the name of your own mailserver in the URL-logs and not the source. ... View more

Hi @Saad.ahmed   I honestly don't think someone will (or is able) to share a complete list of event names. But may I ask for what you need such a list? As a SOC analyst my interpretation is that you need to be alerted based on the severity of the events and of there is vulnerable software that is used kn your network you can override the alerts and priorize specific events. On https://threatvault.paloaltonetworks.com you can search for threat IDs. There are thousands of vulnerabilities a paloalto firewall is able to detect, so your list needs to be a little longer to be complete.   Regards, Remo ... View more

Hi @HWAAcademy   Do decrypt TLS connections? If yes did you try to block "https://elgoog.im/snake/" and without TLS decryption you could block "eloog.im". ... View more

Hi @FarzanaMustafa   With just this it is almost impossible to say where the problem could be. But before you do any further troubleshooting: update to 4.1.8 or even 4.1.9. There were quite a few bugs resolved since 4.1.0... ... View more

@Abdul_Razaq wrote: What if i get a mail to my server having malicious url inside mail( PA allready knows it as malicious, hope othervise he send to wildfire for analysis and update PAN-DB) , will PA block email? Yes, PA will block the email and if the URL is not known it will be sent to WF   @Abdul_Razaq wrote: what if i have URL as attachment ( encoded as pdf and attached to email) ?, will antivirus profile will check URL aswell as he checks other file type?. PA will not check these URLs. It will only block the email if the attachment itself contains a virus   @Abdul_Razaq wrote: is there any difference if it was a phishing link or a download link ? PA will only block (if you configure it to) emails that contain phishing, malware and c&c URLs   @Abdul_Razaq wrote: I understand if user clicks the url, he will be blocked as i have url filtering from inside to outside, (my concern is if he is outside network, not using GP nd access the site, his machine/credentials will be compromised. Yes, without the firewall the users are obviously not protected by PA   @Abdul_Razaq wrote: Is there a way for making PA to check email-link reputation with DB before the email send to user, if DB doesnt categorised the URL, email should go to user as wildfire will take time. No, not yet. This is in my opinion a job for an email gateway and not for a firewall.   ... View more

--> check the config in CLI ... View more

@MP18 I am talking about the option that @A_Astardzhiev also described: @A_Astardzhiev wrote: Over the GUI go to Panorama -> Setup -> Management -> Panorama Settings -> Disable/uncheck "Share unsused addresses and service objects with devices"   ... View more

In our environment we do it a little different than @BPry. All the config is on panorama and there we use objects for about everything. Specially for all internal servers - if they are used or not - but just in case we need them the objects are already there. Also useful is if the IP changes for whatever reason, then only one change is required and the object is changed on all firewall where it is used. But what we have configured is the option that only the used objects are pushed to the firewalls. So far we do not see a big performance impact because of too many objects and with this option there is no impact when pushing the config to the firewalls. ... View more

As they work with squid, did you add these urls to the custom url category? www.google.com/favicon.ico www.google.com/images/branding/product/ico www.google.com/maps www.google.com/xjs www.google.com/search?tbm=map www.google.com/s?tbm=map www.google.com/gen_204?oq= ... View more

Hi @j.moore   Why don't you add the same URLs (without regex) to your custom URL category? ... View more