About nikoo

Hi,   Beginning are always clumsy, but one of the first things I was impressed - community and knowledge base articles. I cannot stress enough how many times articles around here have helped me to get around some issues or simply get to know some feature. Anyway, when I got into PA firewalling, it all looked nice and shiny and overall easy to deal with, so it felt good, but some things I've learned over time: Subscribe for Security Advisories, Software Update & Content Update e-mails - that way you will always know when new feature release comes and will not miss more severe notifications about vulnerabilities - in such a cases every minute counts. Use packet capture - that has proven my point countless times - if, for any reason, you do not believe logs - getting the capture in such a cases is easy & fast way to see what really happens from a different directions. Learn some basic CLI - they WILL become handy one day and when that happens - it may be already stressful enough as you will not go there unless there is a really good reason. Know how to deal with HA from CLI, log structure, running debug packet diag, flow basic (https://live.paloaltonetworks.com/t5/Featured-Articles/Getting-Started-Flow-Basic/ta-p/72556), etc. Superb feature I learned about after a while - https://live.paloaltonetworks.com/t5/Management-Articles/How-to-Test-Which-Security-Policy-Applies-to-a-Traffic-Flow/ta-p/53693. Testing policy match from the CLI - that really helps to understand if the traffic will pass without bothering the end-user. P.S. TCP - IP protocol 6, UDP - 17. Good to know when testing. 🙂 Features that are synchronized in HA - https://live.paloaltonetworks.com/t5/Tech-Note-Articles/High-Availability-Synchronization/ta-p/61190. Had to deal with the question - why the heck secondary device is not getting the updates from the Internet although the network setup should allow it, but, whooaaah, service routes had to be set for both devices of the HA pair saperately as they are not synced in HA. Although it was not possible in early PA releases - it is possible to log the default security rule traffic - https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-See-Traffic-from-Default-Security-Policies-in-Traffic/ta-p/57393. I've seen some creating custom "catch-all" rule for the traffic just for the logging - not required anymore. I was told it is not possible and it turned to out to be legacy and wrong. ..and there are definitely other things, but as you see all of these are well described in Live community - you still have to find them though. 🙂     ... View more

Yea, it should be OTP, but turned out as TTP. 🙂   Well, fine, will upgrade to 7.1 when possible although there was a cookie to feed for the client in 7.0 as well, but that did not do the trick. We'll see if this will make it better. ... View more

A little bump, maybe still someone has some insight? ... View more

Long story short, reason for my doubt was SSL, becuse decryption was done. Basically, when SSL decryption succeeded, instead of seeing application ssl at TCP/443 as initially, Palo Alto saw application web-browsing at TCP/443 which is not the application-default port and due do that was blocking it, which is pretty much expected with this configuration. ... View more

Hi, @reaper   Ok, thanks for assuring me, will look into why it is acting the way it is, because it seems like not hitting the correct rule then with the current deployment. ... View more

Will poke this thread around. Time has passed, so maybe someone has seen similar situation and filed a support case? ... View more

Could this possibly help you? https://live.paloaltonetworks.com/t5/Management-Articles/Domain-not-Added-to-Usernames-using-Captive-Portal-and-LDAP/ta-p/56114 ... View more

Because it matches the Vulnerability signature. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1902 Dealing with false positives is pretty normal - everything will not magically work out of box. First two options tod eal with it on top of my mind are: 1. Change the default action for the whole role if you feel like Lotus Domino vulnerabilities are not your concern (you don't have that in your network, etc.). 2. Create Security rule matching traffic from your server and with different Vulnerability profile assigned which will be created not to trigger this specific vulnerability.    ... View more

Hi,   You can check the applications here - https://applipedia.paloaltonetworks.com/  As far as I looked, didn't see Notes RPC as an app. You will be able to create your own app for identifications purposes, if required.  ... View more

Could this be your issue? https://m.reddit.com/r/networking/comments/4oi72x/palo_alto_owners_get_any_unexpected_logins_from/   Quote from the topic: Thank you for contacting Palo Alto Networks tech support. We have confirmed this affects only 3K platforms. Engineering is working on BUG-98344 to fix this cosmetic issue and it will not occur with installing further dynamic updates. ... View more

Which version of PANOS are you running on? ... View more