This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

About ACortes

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
ACortes
‎10-21-2020
since ‎06-24-2015
L2 Linker
User Activity
User Profile
Latest posts by ACortes
View All
My Liked Posts
View All
User Badges
Community Statistics
Member Since ‎06-24-2015 12:52 AM
Date Last Visited ‎10-21-2020 04:00 AM
Posts 17
Total Likes Received 2

Re: session_end_reason eq decrypt-error - 8.0.9

by in General Topics
‎03-25-2019 01:00 AM
‎03-25-2019 01:00 AM
Well, we have solved the problem with the upgrade. Now, decryption is working as expected. I think SSL exclude cache only applies for ssl-forward-proxy mode, which is not my case. ... View more

Re: PA 3050 PAN-OS Upgrade Path

by in General Topics
‎03-22-2019 06:04 AM
1 Kudo
‎03-22-2019 06:04 AM
1 Kudo
That's correct. No need to run 8.0 or 8.1 but it must be downloaded before run 8.0.X or 8.1.X. ... View more

Re: PAN OS 8.1.5 - Thoughts?

by in General Topics
‎03-22-2019 05:53 AM
‎03-22-2019 05:53 AM
We moved to 8.1.5 and one week later to 8.1.6 because Data Plane CPU usage raises to 90-98% at production time (PA 3060).   At the moment, support suspects about SMB deep packet inspection but we need to clarify the issue. With 8.0.7 Data Plane CPU usage was 30-60%. ... View more

Re: session_end_reason eq decrypt-error - 8.0.9

by in General Topics
‎03-22-2019 02:09 AM
1 Kudo
‎03-22-2019 02:09 AM
1 Kudo
Finally we solved upgrading to 8.1.5. ... View more

Re: session_end_reason eq decrypt-error - 8.0.9

by in General Topics
‎10-21-2018 10:46 PM
‎10-21-2018 10:46 PM
Sorry, I meant 97082. ... View more

Re: session_end_reason eq decrypt-error - 8.0.9

by in General Topics
‎10-18-2018 11:57 PM
‎10-18-2018 11:57 PM
I've experiencing similar problems with ssl inbound decryption, session end reasons an decryption errors just after upgrading to 8.0.6: https://live.paloaltonetworks.com/t5/General-Topics/SSL-decryption-inbound-issue/m-p/209561   Look at 8.1.3 addressed issue PAN-97208 https://www.paloaltonetworks.com/documentation/81/pan-os/pan-os-release-notes/pan-os-8-1-addressed-issues/pan-os-8-1-3-addressed-issues   You may try to upgrade to 8.1.3 or 8.1.4 and check if it's related. ... View more

Re: SSL decryption inbound issue

by in General Topics
‎04-11-2018 12:38 AM
‎04-11-2018 12:38 AM
@BPry wrote: In my experiance if the traffic can't be encrypted you'll usually run into issues... That sounds interesting.   This concrete scenario has been some kind of coincidence, but the point is that we had deployed SSL inbound inspection for many web apps and we have disabled every deciption policy until we clarify the FW behaviour.   I've tried the no-decrypt-policy-based workaround you have proposed. It seems to work properly but it is still a workaround.   A member of the Paloalto support team has admitted that it is not the expected behavior. So, I hope they are going to study the case.   Thanks for your help! ... View more

Re: Automatic IP block-list PAN 8.0

by in Threat & Vulnerability Discussions
‎04-11-2018 12:23 AM
‎04-11-2018 12:23 AM
With Block-IP you can drop traffic for a defined period, between 1 and 3600 seconds. Take care when apply because legitimate sources could also be blocked. ... View more

Re: SSL decryption inbound issue

by in General Topics
‎04-10-2018 03:41 AM
‎04-10-2018 03:41 AM
Permanently. ... View more

Re: SSL decryption inbound issue

by in General Topics
‎04-10-2018 12:40 AM
‎04-10-2018 12:40 AM
Well. This is the profile. I only want to decrypt TLSv1.0. Other traffic is supposed to be allowed without being decrypted, or I may have misunderstood how inbound inspection works.           When the issue happens, the client try to negotiate TLSv1.2 and something goes wrong.   This is captured on the FW, at firewall stage:     And this is captured from the clientside:   After opening a case, a workaround has been supplied: "Enabling TLSv1.2 on the profile, it works properly". Anyway, that's not the point. Because traffic that can not be decrypted should be allowed as SSL, isn't it?    If I don't want to decrypt nor block sessions based on TLSv1.1 or TLSv1.2, why are they being blocked?   ... View more

Re: Action and Session End Reason conflict when SSL decryption enabled

by in General Topics
‎04-09-2018 04:08 AM
‎04-09-2018 04:08 AM
In my case, that kind of log appears at least when the browser shows the typical message about untrusted certificate. Is this your case? ... View more

SSL decryption inbound issue

by in General Topics
‎04-09-2018 03:45 AM
‎04-09-2018 03:45 AM
We've been using SSL decryption inbound for a while. In order to decrypt traffic based on DHE and ECDHE ciphers, we moved to PAN-OS 8.0. On 7.1.10, traffic with those ciphers were not decrypted but passed through. Now, on 8.0.6, we see drops.   The decryption profile sets TLSv1.0 only as protocol, but we allow other protocol versions and ciphers (block unchecked for unsupported versions and chiper suites).   When the decryption policy is enabled, requests from Firefox v.59 (Windows, Linux and Android) get an SSL_ERROR_ILLEGAL_PARAMETER_ERROR.   I couldn't find info from Paloalto describing those errors. They say when decryption is not supported, session is not decrypted and passed through the firewall, as metioned here: https://live.paloaltonetworks.com/t5/PSIRT-Articles/Safely-inspecting-SSL-transactions/ta-p/148517 https://live.paloaltonetworks.com/t5/Featured-Articles/Tips-amp-Tricks-Cipher-suite-enforcement-in-decryption-rules/ta-p/74291   Briefing, decryption policy enabled: we get errors. Decryption policy disabled: everything works fine.   Am I confused or this is the expected behaviour? ... View more

Opened session remains after threat triggered block-ip. WTF!

by in General Topics
‎02-09-2017 05:07 AM
‎02-09-2017 05:07 AM
Hi, I've been testing the block-ip action in spyware DNS signatures. I was an RDP session before the threat triggered the block-ip action. Then, no more connections are allowed (what is OK), but the RDP session remains open.   Is this a normal behaviour? I think the FW should reset all the sessions previosly established for the blocked IP, shouldn't it?   Thanks! ... View more

Re: Agentless UserID no longer maps users

by in General Topics
‎07-17-2015 12:35 AM
‎07-17-2015 12:35 AM
You might reboot the units and the counter start again. You have another 388 days before upgrade or reboot ... View more

Re: How can I configure Global Protect for on-demand as well as pre-logon

by in General Topics
‎07-07-2015 12:02 AM
‎07-07-2015 12:02 AM
You may create another portal and GW and allow users changing portal address on their GP agents. To avoid certificate issues, I would deploy this new portal using the same address but a different TCP port than default (443). To do this, a loopback interface can be used to support the GP portal and a NAT policy should be implemented to redirect traffic to the loopback interface on port 443. ... View more
Register or Sign-in
Contact Me
Online Status
Offline
Date Last Visited
‎10-21-2020 04:00 AM
Likes From
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks