This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About Unibw
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About Unibw
08-28-2023
25Posts
0Likes
0Solutions
Aug 28, 2023Last Visited
User
Activity
User
Profile
Latest posts by Unibw
| Subject | Views | Posted |
|---|---|---|
| 2490 | 11-27-2015 12:04 PM | |
| 2519 | 11-26-2015 11:58 PM | |
| 3192 | 09-09-2015 02:15 AM | |
| 3268 | 09-09-2015 01:05 AM | |
| 3294 | 09-01-2015 12:47 AM | |
| 1534 | 04-30-2015 01:24 AM | |
| 6531 | 02-19-2015 01:55 PM | |
| 1432 | 11-18-2014 11:24 PM | |
| 7343 | 09-17-2014 04:26 AM | |
| 3342 | 04-01-2014 02:25 PM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 2 Likes | |||
| 1 Like |
User Badges
Community Statistics
| Member Since | 01-03-2012 01:18 AM |
| Date Last Visited | 08-28-2023 04:16 AM |
| Posts | 25 |
11-27-2015
12:04 PM
Thank you! You are right suggesting sinkholing.
I already use DNS sinkhole for but not every URL in category malware seems to be covered with a DNS suspicious signature.
Only small parts regarding the logs in my environment. Therefore PANW claims a block in the log but a parallel installed IDS shows, that the callback was already transported.
Is there another modus which withholds the HTTP Request until the respose is there?
Any idea why category malware is not completly covered by IDS signatures?
... View more
11-26-2015
11:58 PM
Malware Callbacks for command&control and also for data exfiltration are often transported in
HTTP POSTs.
The URL blocking of category malware URLs seems only to block the HTTP response. The GET or POST request seems to pass untouched to the server. So it is possible to exfiltrate arbitrary data in the GET or POST request.
What is the suggested strategie to block connection to hosts listed in the URL category malware before data can be exfiltrated?
... View more
09-09-2015
02:15 AM
Try this set shared override application oracle tcp-timeout 86400 Works for me to avoid DB sessions dieing. Postges in my case
... View more
09-09-2015
01:05 AM
Hi Gerardo, thanks for your answer. Usual we do no NAT at all in the concerning environment. The IKE-part is not the problem. The PA-7k does IKE stateful but is not able to handle the ESP stateful. Most solutions I am aware of need either change the client to avoid using ESP and packing ESP in TCP or UDP. Allowing each ESP packet from outside is not a good option. Using a second Firewall like Juniper Netscreen or Juniper SRX to fix the PA-7k firewall is also a possible solution, but who can afford a second firewall to fix a PANW bug? Regards Winfried
... View more
09-01-2015
12:47 AM
Hi, due to a bug (ID:80950), that PANW is not able to fix, it is necessary to create seperate IPSec-ESP policies for both directions trough the PA-7050. IPSec-ESP that comes in response to a opened session is being dropped if there is no separate policy for incomming ESP traffic. Example: -Client are allowed to open IPSec-Connections from "trust" to "untrust". -You have to allow ESP also from "untrust" to "trust" for any adress a IPSec client might use To avoid flooding, etc. from outside I am searching for solutions to avoid this. Has any PA-7k admin found a valid approach? Regards Winfried
... View more
Labels:
- Labels:
-
Configuration
-
Hardware
-
policies
04-30-2015
01:24 AM
Is it possible to analyze multicast traffic on a tap interface? I am unable to commit a multicast policy bound on a tap. Tap { to multicast; from Tap; source any; destination any; source-user any; category any; application any; service application-default; hip-profiles any; action allow; } Commit error: In VSYS vsys1 from zone Tap of type tap and to zone multicast of type unknown are incompatible in security rule Tap Configuration is invalid
... View more
Labels:
- Labels:
-
Configuration
-
Networking
02-19-2015
01:55 PM
Hi mrsold, if you happen to use ISC dhcpd look for the shared-network statement use to join together subnets sharing the same L2 segment. ISC dhcpd is actually the motor for most IPAM appliances like Bluecat, Infoblox, ... Best regards Winfried
... View more
11-18-2014
11:24 PM
Hi, I would like to know, whether there are already special resources for chassis operation? There seem to be separate logs for the cards. These special things seem not to be covered yet neither by the CLI Reference Guide nor by the Hardware Reference Guide. Questions are - Logfiles for cards - Power-Supplies - Chassis-Boot-Problems - Troubleshooting ... Thanks Winfried
... View more
Labels:
- Labels:
-
Configuration
-
Management
-
Set Up
-
Troubleshooting
09-17-2014
04:26 AM
Sorry, I was not logged in for a while. I am not really sure. The tunnel between PA-VM and ScreenOS 6.3. did not become stable for long. (300Mbit max throughput , 20ms latency, no measurable packet loss).
... View more
04-01-2014
02:25 PM
Is an upgrade to PANOS 5.0.11 possible? At least for the PA-VM this upgrade was recommended by the TAC in my case. I run ScreenOS 6.3.0R14 currently on my Netscreen side. I use vpn-monitor on the ScreenOS side.
... View more
04-01-2014
01:52 PM
Thanks, I knew that this is possible, but my idea is to have the functions still available even if nothing more but the serial console works. You say "not yet". Do you know about plans to implement op scripts?
... View more
03-28-2014
06:32 AM
Hi, in my opinion some commands are still missing in the PanOS CLI. I miss some features implemented in my conventional firewall to handle the policy rule set efficiently. Some other vendor has the possibility to use so called op-scripts in the CLI. This scripts allow to implement own CLI commands using the built in API. Is there already the possibility to use the PanOS-API from the PanOS CLI? Or are there plans to do this? Best regards Winfried
... View more
- Tags:
- api
- cli
- configuration
Labels:
- Labels:
-
Configuration
-
Management
12-11-2013
11:59 PM
The FR-Number is FR194
... View more
08-29-2013
10:43 PM
Also it's worth to try to deactivate the replay-protection on phase 2. This just helped in my case dealing with inter vendor VPN.
... View more
08-29-2013
02:27 AM
I am still thinking about this problem. JunOS has the same problem out of the box, but for JunOS I found the possibility to use so called op-scripts. Here the link to the example usable for JunOS policy-test - Juniper Networks Now my Idea would be to use the PanOS-API to do something similar, but I don't know whether it is possible to use the API from the CLI interface? Does anybody know? Thanks Winfried
... View more
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks