This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew

About essnet

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
essnet
‎07-02-2020
since ‎11-30-2011
L4 Transporter
User Activity
User Profile
Latest posts by essnet
View All
User Badges
Community Statistics
Member Since ‎11-30-2011 02:23 PM
Date Last Visited ‎07-02-2020 02:28 AM
Posts 138
Total Likes Received 16

Re: SSL Decrypt does NOT work with TLS 1.1 or TLS 1.2

by in General Topics
‎08-22-2012 02:04 AM
‎08-22-2012 02:04 AM
Hello, I have been in relation for months with product and support managers, it was said many times that 1.1 is not supported and 1.0 is partially (lack of critical extensions). Strange we don't have same informations :smileygrin: Anyway, I am always running my own tests and found out that above SSLv2, compatibility is poor. ... View more

Re: URL Redirection, or forwarding

by in General Topics
‎08-22-2012 01:18 AM
‎08-22-2012 01:18 AM
Hello, As a Google Apps business user, you should ask Google to fix this behaviour (happened to us too in the past) ... View more

Re: SSL Decrypt does NOT work with TLS 1.1 or TLS 1.2

by in General Topics
‎08-22-2012 01:17 AM
‎08-22-2012 01:17 AM
According to Chrome dev team, newest version has TLS 1.1 disabled because of issues with IIS : Chrome Releases: Stable Channel Update Thank you Microsoft, you're saving us for once :smileysilly: ... View more

Re: In captive portal, not asking for authentication for https traffic.

by in General Topics
‎08-14-2012 05:49 AM
1 Kudo
‎08-14-2012 05:49 AM
1 Kudo
Decryption is done by dedicated CPUs , you shouldn't expect slowdowns (we don't over here) If you do the job correctly, decryption shoudldn't create SSL certificate warning ( Root CA must be trusted on your company computers). there are many guides about that on this portal. ... View more

Re: SSL Decrypt does NOT work with TLS 1.1 or TLS 1.2

by in General Topics
‎08-07-2012 02:04 AM
‎08-07-2012 02:04 AM
Hello, I totally second your claims. In addition TLS 1.0 is partially finished : it lacks TLS Extensions, which make for example https://www.gmail.com to fail decryption. Regards ... View more

Re: Google Chrome Update

by in General Topics
‎08-06-2012 01:45 AM
‎08-06-2012 01:45 AM
Another problem is that PA has not implemented fully TLS 1.0 protocol, so it's pointless to talk about 1.1 ... Please PA, finish your dev on SSL stack ! Decryption has been unsuable for more than a year over here. ... View more

Re: Decryption

by in General Topics
‎06-12-2012 06:03 AM
‎06-12-2012 06:03 AM
Hello, If you can't decrypt, you can't do anvivirus and such , traffic will be seen as SSL application, so there not much to do .... ... View more

Re: Determining false positives in Wildfire

by in General Topics
‎06-04-2012 02:11 PM
‎06-04-2012 02:11 PM
Hello, I totally support your statement about signed executables being excluded. That being said, most installers and driver software are doing 'nasty' things like install files in system folders , hard drive sectors , changing low level sytem settings and such , so tend to be flagged as malicious ... Or is it just a matter fine tuning wildfire engine ? Is it really possible ? Anyway, great job on these live sandbox execution and reports. I've got a silly question : do you also execute EXEs that are installed by an installer itself ? It seems that you aren't at first look. ... View more

Re: arp/mac cache limits - any plans to increase them?

by in General Topics
‎05-30-2012 01:58 AM
‎05-30-2012 01:58 AM
Hello, You can also look at specsheets PDFs on PaloAlo home website, like this one: http://media.paloaltonetworks.com/documents/PA500_Specsheet.pdf This is a very good limitation to know:  MAC table size/device: 500  for PA-500 ... View more

Re: SSL decryption and Http redirection

by in General Topics
‎05-30-2012 12:08 AM
‎05-30-2012 12:08 AM
Hello, Today PAN Support confirmed me in a ticket : SSL decryption doesn't support SSLv3/TLSv1 fully : they clear original client HELLO packet to replace all values by their owns ones. They even asked me to open a Feature Request... I hope it's the kind of ones they can implement "FAST" because I am relying a lot on Decryption which is a major feature that makes PAN ahead of others. ... View more

Dual/HA IPsec tunnels with 2 ISPs ?

by in General Topics
‎05-29-2012 06:36 AM
1 Kudo
‎05-29-2012 06:36 AM
1 Kudo
Hello, I have 2 PaloAltos, one is running on robust and redundant Corp internet ISP, another one on a remote location with 2 public  ADSL (and miserable quality ofc !). My goal is to have a redundant IPsec link between the two PaloAltos : How would you achieve this ? I have several scenarios in mind: PA2 builds 2 tunnels (one from each ISP) all time and routing is done with BGP (or any other routing protocol), so if a link fails, that routing protocol will timeout and route will vanish from each PA, so traffic will fail to the remaining one. PA2 builds 1 tunnel at a time : a PBF will detect if ISP1 is dead and failover traffic to ISP2. This solution may not work as my lowcost ISPs don't have same public adress, so it would mean that PA2 needs to reset old tunnel before creating new one (does it even support this automatically?). What would be the timeframe of such failover also ? thank you in advance for your suggestions, feedback and questions ! Regards, ... View more

Re: Application filters

by in General Topics
‎05-22-2012 01:52 PM
‎05-22-2012 01:52 PM
I am using a different way : I reviewed all applications once and decided which ones I wanted to ban. Every week I receive an email from PA with a list newly created apps. I review each of them and decide which ones I want to ban and add them to my application ban group. ... View more

Re: Syncplicity

by in General Topics
‎05-21-2012 01:31 PM
‎05-21-2012 01:31 PM
That one is daoble too, a bit more advanced, may be hard for newcomers but there are some tutorials on this portal. ... View more

Re: Syncplicity

by in General Topics
‎05-21-2012 01:27 PM
‎05-21-2012 01:27 PM
In the meantime, even if the application doesn't exist, you can use URL filtering to forbid URL like *.syncplicity.com . ... View more

Re: PAN User ID agent consuming bandwidth

by in General Topics
‎05-18-2012 02:19 PM
‎05-18-2012 02:19 PM
You are right Andreas, firewall will ask all its agents if it knows user behind an IP ... View more
Register or Sign-in
Contact Me
Online Status
Offline
Date Last Visited
‎07-02-2020 02:28 AM
Latest Tags
No tags yet
Likes From
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks