About networkadmin

Support have come back saying Palo Alto have confirmed PAN-OS is vulnerable. No other details though. Have to say I'm pretty disappointed at the lack of anything official from Palo Alto on this one - as a customer I shouldn't have to be the one chasing support to find out if a device we own and pay support on to protect our network is vulnerable or not. ... View more

We're seeing a lot of Flash stuff logged but nothing like "everything" so how sure is anyone that these really are false positives vs. true malware? I really do wish the Palo Alto could log the URL as part of threat log and email report. ... View more

choff123 wrote: Is the PA itself ok? the PAs run Linux? I have a case open and support are checking with our SE so I don't know if there is an official position yet. Same story with all our vendors - "watch this space" ... View more

BobW wrote: Steven, Thanks for replying, but I am still confused how running it on ESXi makes it less secure.  Assuming it was setup correctly (no ability to manage it from the outside), the exposed side of the firewall will appear as any other firewall to an outsider.  Any ESXi exploits are not valid as you are not exposing ESXi, only the appliance.  I just don't get it.... Publish servers through it, as far as anyone knows they just went through a physical firewall.  If you are in a position where someone gets in and can pivot around you have a lot more trouble than a virtual firewall. Thanks for your patience, Bob Bob I'm 99% with you, but I must admit there's part of me that, however irrational, I'm not entirely convinced I'd be comfortable with it. That said, we run SMTP gateways and VM's on a DMZ virtual switch so I don't really see how this is any different. There's a heck of a lot of "what if's" needed for something bad to happen I think. ... View more

Interesting as today I enabled Spyware and Virus signatures on outbound DNS from our Domain Controllers and we're also seeing thousands of hits/matches. Domains such as: d.audienceiq.com d.p-td.com p.adsymptotic.com They flag as Spyware so I assume it's the anti-spyware signatures catching them? Fair to say I switched off email notifications pretty quickly ... View more

Hulk, thanks and I get that I can do that, but I think the point for Palo Alto here is that I don't know if it's a good URL or a bad URL and Palo Alto are contradicting themselves with their behaviour IMO. d.audienceiq.com d.p-td.com p.adsymptotic.com How am I supposed to know what those are? :smileylaugh: Palo Alto must know it's bad else why is it in the vulnerability database as suspicious/spyware - someone at Palo Alto must have updated the database? So if it's known bad why would it not be listed in a suitable category for URL filtering automatically? You see what I'm saying hopefully? ... View more

If you wouldn't trust it enough to secure traffic at the perimeter, why would you trust it enough to secure your internal traffic? Genuine question - like many people I'm wary of putting VMware at the very edge of the network but given the "on paper" specifications of the VM100 you could buy a dedicated host if you wanted to and it would still seem to give a 2000 or entry 3000 series a run for its money. Palo Alto SE's say it's intended for east-west inspection but nobody really ever explains why it shouldn't be suitable to use at the perimeter especially when you can do HA using VMware vs. having to buy a pair of appliances. ... View more

Hi Doris, thanks for that really detailed reply - appreciate it I guess I'm trying to understand how the two domains that weren't malware were classified as anything other than malware? I'm not asking to criticise, I'm genuinely curious as there must be thousands if not more domains registered daily - I'd assumed they'd all go into "unknown" until some manual process happened? ... View more

Honestly, I can live with capacity issue if it's communicated properly and a fix is in site. What's pretty much unacceptable is a week of back and forth with support with seemingly random suggestions with me repeatedly asking for it to be escalated to Palo Alto only to be told after a week "Oh they've said it's capacity issues" - which was the first thing I asked. ... View more