This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

About SDorsey

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
SDorsey
‎10-27-2020
since ‎04-18-2012
L4 Transporter
User Activity
User Profile
Latest posts by SDorsey
View All
My Liked Posts
View All
My LIVEcommunity Articles Contributions
View All
User Badges
Community Statistics
Member Since ‎04-18-2012 08:18 AM
Date Last Visited ‎10-27-2020 06:38 PM
Posts 149
Total Likes Received 23

Re: Mgmt webgui kicks me out since panos 6.0

by in General Topics
‎12-24-2014 08:40 AM
‎12-24-2014 08:40 AM
Not me. On 6.1.1 at most of my clients and still have the issue in all browsers. ... View more

Re: Except Specific IPs from port scan detection / Zone Protection

by in General Topics
‎12-02-2014 04:54 PM
‎12-02-2014 04:54 PM
This can still cause interference as port scans are blocked by the Zone Protection profile which is configured at the zone level and not via an ACL rule. ... View more

Re: Who's using an MSSP for security monitoring?

by in General Topics
‎11-13-2014 07:15 PM
‎11-13-2014 07:15 PM
I have not personally heard any negative feedback. ... View more

Re: PANOS 6.1 Related Log Detail View Enhancements

by in General Topics
‎11-10-2014 12:58 PM
1 Kudo
‎11-10-2014 12:58 PM
1 Kudo
Thank you much sir! ... View more

Re: Who's using an MSSP for security monitoring?

by in General Topics
‎11-10-2014 12:26 PM
1 Kudo
‎11-10-2014 12:26 PM
1 Kudo
We are a VAR so cannot speak from a personal-use side but a lot of our clients have Solutionary and have nothing but positive to say thus far. ... View more

PANOS 6.1 Related Log Detail View Enhancements

by in General Topics
‎11-10-2014 12:24 PM
‎11-10-2014 12:24 PM
Greetings all! I have updated several PAN firewalls to 6.1. Today, I noticed this entry on page 5 of the guide: Related Log Detail View Enhancements To make it easier to correlate log information from a session, you can now click through the related logs in the Detailed Log View without closing the window and switching views. You can switch between the URL Filtering, Threat, Traffic, and Data Filtering logs associated with a session and the Detailed Log View window will dynamically update to display pertinent information for the selected log I am not readily seeing how to do this on a 6.1 system. Can someone point me in the right direction? ... View more
Labels:

Re: 6.0.5 h3 explanation

by in General Topics
‎10-13-2014 11:25 AM
‎10-13-2014 11:25 AM
Because H3 added new anti-packet-evasion techniques. NSS labs discovered they could use certain fragmentation attacks to completely bypass the PAN IPS. So H3 was released which introduces protections against these which require symmetric traffic for the PAN to be able to reassemble the fragments. ... View more

Re: 6.0.5 h3 explanation

by in General Topics
‎10-13-2014 09:27 AM
2 Kudos
‎10-13-2014 09:27 AM
2 Kudos
The web server was placed in a DMZ but the web server was dual homed.. i.e. the web server had two physical interfaces. One was connected to the DMZ vlan and the other was connected to the internal network vlan. So when internal workstations made a request to the web server in the DMZ, the initial request would go through the firewall to the web server.. but when the web server responded to that request, it would respond directly to the internal network since it had an interface physically connected to the internal network. So the firewall would only see traffic from the client to the server. It would not see the server to client response. ... View more

Re: 6.0.5 h3 explanation

by in General Topics
‎10-13-2014 09:04 AM
1 Kudo
‎10-13-2014 09:04 AM
1 Kudo
All correct. Basically with the new anti-packet-evasion protections in 605-h3, it cannot properly reassemble the fragmented packets if the traffic is asymmetric since it only sees half the traffic. ... View more

Re: New to Palo Alto from Juniper SSG

by in General Topics
‎10-13-2014 07:21 AM
‎10-13-2014 07:21 AM
I believe Steven is correct. Also, welcome to PANOS. I used to have to manage a couple SSGs back in the day. I found it to be painful. ... View more

Re: Possible Issues with 6.0.5-h3

by in General Topics
‎10-12-2014 04:50 PM
‎10-12-2014 04:50 PM
Agreed. I have a request in with the sysadmins to see if we can do away with the dual-homed connection altogether since this is really a design anyway. ... View more

Re: Possible Issues with 6.0.5-h3

by in General Topics
‎10-11-2014 05:08 AM
2 Kudos
‎10-11-2014 05:08 AM
2 Kudos
csharma Thank you! That fixed it. Apparently the server admins thought it would be okay to dual-home the web server to the internal network. ... View more

Possible Issues with 6.0.5-h3

by in General Topics
‎10-10-2014 08:51 PM
‎10-10-2014 08:51 PM
Has anyone discovered any issues with H3? I have an odd issue and am not sure if it has to do with the layer 4 changes in the hotfix to address the evasion issues. I have upgraded 3 client sites. No issues at 2 of the sites. On the third side, I have an issue. This client has a public web site in a DMZ. The ACL allows it to be directly accessed by the internal network. After the update to H3, you can access the website just fine from across the internet. You cannot access it from the internal network. You can ping the web server just fine. The Traffic log shows Incomplete for the port 80 traffic. Downgrading back to 6.0.5 allows internal users to hit the website in the DMZ just fine. ... View more
Labels:

Re: Blocking credentials from being submitted to a malicious site

by in Automation/API Discussions
‎09-15-2014 05:00 AM
‎09-15-2014 05:00 AM
Also, if you find legit sites which are flagged as unknown. I would certainly recommend submitting a change request so they can classify it correctly as this helps everyone else in the PAN community. ... View more

Re: Blocking credentials from being submitted to a malicious site

by in Automation/API Discussions
‎09-15-2014 04:59 AM
‎09-15-2014 04:59 AM
I agree that blocking unknown causes more work as a lot of legit websites are still in the unknown category. Luckily, it is easy to create whitelisting rules for this. I typically create a new URL category and white list the domains there that are blocked via unknown. From the security standpoint though, there may be a lot of malware sites classified as unknown. E.g. when I look through the logs at malware blocked, especially involving files flagged by WF, the domain is classified as unknown. So you certainly reduce the attack surface when you block unknown. You just have to keep in mind, you are committing to your users that you will whitelist the domains they need. As always, security is a balancing act. But I have blocked the unknown category for most of my clients. The first few days is when you find the most domains being blocked due to being category unknown. So you may whitelist a lot in the first few days; once you get past that period, it is pretty smooth sailing. Last note that on that. When you have the PAN do cert checking, most of the OCSP sites it calls out to are flagged as unknown. So do not block unknown for your PAN mgmt interface(s). Other than that, no issues thus far. ... View more
Register or Sign-in
Contact Me
Online Status
Offline
Date Last Visited
‎10-27-2020 06:38 PM
Latest Tags
No tags yet
Likes Given To
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks