This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

About networkadmin

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
networkadmin
‎09-16-2017
since ‎02-12-2010
L4 Transporter
User Activity
User Profile
Latest posts by networkadmin
View All
My Liked Posts
View All
User Badges
Community Statistics
Member Since ‎02-12-2010 10:34 AM
Date Last Visited ‎09-16-2017 04:35 PM
Posts 242
Total Likes Received 16

opaque: Failed to check WildFire content upgrade info due to generic communication error

by in General Topics
‎05-13-2014 11:28 AM
‎05-13-2014 11:28 AM
Any suggestions please? I have it set to update every 15 minutes at an odd number of minutes to hopefully avoid "Let's all download at 00:00". Doesn't happen all the time but it does happen more than I'd expect given we have a solid/stable leased line connection. ... View more

Re: Wildfire - is the full subscription worth it?

by in General Topics
‎05-13-2014 10:25 AM
‎05-13-2014 10:25 AM
PDF and Office Documents would be a challenge simply due to privacy concerns - nothing against Palo Alto here but a Word document is in a different league to an executable when it comes to being happy submitting it outside the company Java is interesting as we do have to install it for some business apps and we all know how fabulously secure and pleasant Java is. Jared, that's a fair take on it and of course in an ideal world you'd just flick a switch and decrypt the lot.  Is there a current list of stuff (be it sites or applications) that does not work well with decryption? ... View more

Re: Wildfire - is the full subscription worth it?

by in General Topics
‎05-12-2014 12:06 PM
‎05-12-2014 12:06 PM
That all makes total sense Jared.  Where I'm struggling a little is with current best practises on what URL categories to decrypt.  For example yes, it makes sense to decrypt "Unknown", and maybe to even consider setting "Continue" as the URL Filtering action, but there seems to be articles on the KB here saying not to decrypt unknown like the PDF here Controlling SSL Decryption Who is right i.e. what is a sensible decryption policy in terms of URL categories (lets ignore privacy for a moment and concentrate on not breaking any application)? ... View more

Re: Wildfire - is the full subscription worth it?

by in General Topics
‎05-12-2014 11:14 AM
‎05-12-2014 11:14 AM
Jared, thanks, appreciate the disclosure too Do you guys have a best practise document or guide on how to get the best out of WildFire? I'm interested in are how to deal with SSL based downloads and how to deal with URL filtering. We do SSL decryption already but of course there's a significant overhead the wider you case the net. With URL filtering I guess the obvious option is to set block or continue on the "Unknown" category but I'm curious what Palo Alto would tell someone doing a POC to do to get the most out of the unit. I should add we have a PA-500 so the solution may differ from if it was a 4050 ... View more

Wildfire - is the full subscription worth it?

by in General Topics
‎05-12-2014 09:26 AM
‎05-12-2014 09:26 AM
Apologies for the somewhat blunt title but it really is as simple as that I've been using the bundled WildFire service for some time and did begin to wonder if it was working until it pinged on a couple of zero day Zeus trojans - seems our folks are just too well behaved by and large. Anyway, I'm on the 30 day trial license and I wanted peoples views on whether they find the full subscription to be worthwhile? On the Monitor/Wildfire tab it seems to take an age to update the logs and also it only shows malicious files - is there a way to show benign files as well like it does on the portal? ... View more

Re: PA-3050 stops processing traffic

by in General Topics
‎05-01-2014 01:19 AM
‎05-01-2014 01:19 AM
We had this happen on a 500 running 5.0.10. At the weekend the box spontaneously rebooted - according to support "They've seen it happen with 5.0.x and have no idea why" - there was nothing useful in the tech support bundle so right now we're just waiting to see if it happens again. ... View more

Re: WildFire - What sort of hit rate do you see?

by in General Topics
‎04-28-2014 07:43 AM
‎04-28-2014 07:43 AM
That makes sense in our case Mike - we don't use wildfire on inbound email but we quarantine anything executable at the gateway. I may try enabling wildfire on our inbound SMTP rule as that should catch some nasties.. ... View more

SSL Decryption - What categories do you decrypt?

by in General Topics
‎04-27-2014 06:05 AM
1 Kudo
‎04-27-2014 06:05 AM
1 Kudo
Right now we have a policy to never decrypt shopping and finance/banking sites, and we decrypt web based email and social networking. I know there are issues with certain applications (Windows Update I believe?) if you try to decrypt so I wondered what your decryption/inspection policies are? ... View more

WildFire - What sort of hit rate do you see?

by in General Topics
‎04-27-2014 06:03 AM
‎04-27-2014 06:03 AM
I enabled WildFire a month or so back. I know it works as I download files regularly from the PAN "random wildfire test file" site and sure enough a little while later an alert pings in and it shows in the dashboard. In production it seems that everything that my users download is either from trusted sources or has checksummed as clean - in theory this is a good thing and we are a corporate so I wouldn't expect people to be downloading "bad stuff", but I guess I almost expected to see a little more stuff being downloaded that would be sent to WildFire. I wondered how everyone else finds the service and if there are any recommended ways to test it other than the Palo Alto test site? ... View more

Palo Alto Virtual Firewall Platform

by in General Topics
‎04-27-2014 02:18 AM
‎04-27-2014 02:18 AM
Is anyone using one of these but as an internet facing firewall vs. firewalling the VM's on the host the firewall is running on? From the pricing and specs and the amount of HA that vSphere can provide, I'm trying to understand what the "catch" is vs. a physical Palo Alto? ... View more

Re: Captive Portal SSL Certificate Error

by in General Topics
‎04-27-2014 02:15 AM
‎04-27-2014 02:15 AM
Thanks, looks like importing with the intermediate appended fixed it ... View more

Captive Portal SSL Certificate Error

by in General Topics
‎04-25-2014 12:21 PM
‎04-25-2014 12:21 PM
We're running 5.0.10 with Captive Portal. We have an SSL certificate installed for *.domain.com and have several internal DNS entries that point something.domain.com to various physical interfaces on the Palo Alto. We recently revoked and rekeyed our wildcard cert and since importing and replacing all instances with the new certificate, on some machines (not all), when getting to the captive portal there is a "Don't recognise the CA" error thrown up by Internet Explorer with Chrome simply saying "No Connection". In the PAN GUI the certificate shows as being issued by AlphSSL, which it was.  On machines with the error I can get to the management interface which uses the same certificate and I don't get any kind of error. I'm a little confused - the only thing I can imagine is if I need to somehow get the intermediate onto the PAN, but that would seem unlikely since the management interface works perfectly using the same certificate. ... View more
Labels:

Re: PA-500/PA-20xx - tuning mgmt performance

by in General Topics
‎04-10-2014 09:26 AM
‎04-10-2014 09:26 AM
I'd be interested in how much difference the memory upgrade makes on the PA-500 as the Web GUI is absolutely appalling quite honestly. If the upgrade cost a reasonable amount I would just buy it, but @ $500 I want to be sure it will actually help. ... View more

Re: Whitelist rule - confusion on URL filtering...

by in General Topics
‎04-03-2014 12:20 PM
‎04-03-2014 12:20 PM
Thanks both, and then we're into that lovely game of having to know explicitly what you want to either allow or block when I might want to say "I don't care what it is so long as it's going to www.vmware.com". ... View more

Whitelist rule - confusion on URL filtering...

by in General Topics
‎04-03-2014 09:21 AM
‎04-03-2014 09:21 AM
We have a whitelist rule that allows out http/https as a service and "any" as the application. All the URL categories in the profile applied to that rule are set to "Block" and there are some URLs in the whitelist. The destination address is set to "any". Today we noticed someone hit that rule using SSH on port 443 and it was allowed out. I'm guessing that I'd misunderstood how the PAN applies URL filtering and that only certain applications hit URL filtering and other applications simply hit the rule and would be allowed out so long as they were using port 80 or 443? Could someone please explain how the Palo Alto knows whether to apply URL filtering or not? ... View more
Register or Sign-in
Contact Me
Online Status
Offline
Date Last Visited
‎09-16-2017 04:35 PM
Latest Tags
No tags yet
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks