About BPry

I was actually seeing that alert quite a bit a couple months ago; I've since stopped but I was told that it wasn't that the servers were still vulnerable to it so I imagine that it actually identifies a potential attack. Ask whoever is managing your servers if they have updated them since May, I'm guessing that they have.  ... View more

No issues on 7.0.10; I would upgrade to 7.0.11 since it's the latest code however. I've been running it for a week without any issues.  ... View more

The only option for doing this is through a custom report and specificity (subcategory-of-name eq gaming). To the best of my knowledge you can't actually filter like that on the monitor tab.   ... View more

I'm not sure if everybody else is having the same issue but I can't actually view your image without it getting really distorted to the point I can't actually read anything.  ... View more

QoS can apply to either egress, ingress, or both on the Palo Alto firewall. Since your trying to throttle uploads you would apply this to the egress and leave your ingress unthroattled (Or capped at a higher speed). With the right setup this will function perfectly fine,you just have to figure out what implementation method will actually work in your enviroment.  ... View more

My appologize, kiwi is correct my logs hadn't updated when I ran a quick test of it  ... View more

If you allow SSL and Web-Browsing on the default ports then 4shared will be allowed since it only uses the default ports.  ... View more

This is what my user rules look like; as you can see I am using ssl and web-browsing as the applicaiton with application-default as the service. I have yet to run into any issues except for a few crappy websites put out by small organizations that use weird ports. We do not recieve any issues with these users at all about not being able to access anything. Run without your TUNING rules and see what brakes, I'm guessing not much and you can create rules for the cases where you actually need access to those websites.  ... View more

I'm not really saying that App-ID doesn't work, but things sometimes get messed up depending on the website you are visiting and what not; I wouldn't say that you should really worry about it to much as the four pages of logs that I have are all going to one address that is an add network, so clearly if it started to get blocked I wouldn't care.    What applicaitons are actually breaking when you take out the TUNING rules and just run with the Allow ssl and web-browsing rule? Nothing should really break because of it, generally the only time that I run into an issue is when some web-dev decides to use port 85 or some other random site on a production webserver. If you start running into a lot of issues try running a PCAP and see what is actually being sent, you shouldn't really be having any issues with the SSL and Web-Browsing app-ids even when you don't do any decryption.  ... View more

So a few questions would be: 1) Do you want to stop it from your mail server or just from the personal email web portal? 2) What file types are you actually looking to block, as the Palo Alto can't do them all?   What you could do: 1) Setup a File Blocking profile that includes as many of the file types as you can find that actually fits your needs. 2) Set the direction to whatever you actually need, if you just don't want them to 'upload' them then just select that. 3) Set the action to 'block' so that it actually gets stopped.  4) Assign that profile to your rules that allow your users out to these web portals or whatever rules you actually want this to go on.  5) Make sure that you don't include your email server in this rule if your goal is to still allow people to send these types of documents out or recieve them.    If you are looking to stop them from doing this from your email server then the firewall isn't really going to be your friend here; as your company likely has legitimate business reasons to upload and download email attachments. You can likely do this directly through your email server but you would have to tell us if your using exchange or some other email service to actually give you any insight into this.   ... View more

To add to this if you are remotely managing these devices then I would highly recommend setting a management profile that strictly limits the amount of IP addresses that can actually manage this device. That way you can not only be secure in knowing that nobody can just login to your device but they won't even see the login page or get access to the devices management if they don't have the set IP addresses.  ... View more

Could you post a screenshot of the rules that you have created for tunning. If you create a rule for SSL and Web-Browsing with applicaiton default ports then almost all common web-browsing is going to hit those rules and I would suspect that hardly any of the sites that you visit are using anything but 443 or 80. As far as web-browsing sometimes coming across over 443 identified traffic I wouldn't be to concerned, I currently have four pages that match that criteria in an enviroment where we don't keep logs long. App-ID is not flawless by any means and while web-browsing is only supposed to be tcp/80 it can get caught up as tcp/443 sometimes.   ... View more