About Brandon_Wertz

Maybe if you provide what you're actually trying to match on? ... View more

No I've never asked for an updated one. ... View more

As an aside...Back in 2014 I got my SE to provide a document "Monitoring Best Practices."     This document is 72 pages in total and describes in detail all aspects of the box.  Might be worth reaching out to your SE and get this document, or perhaps a newer one if they've updated it.   The document is Palo confidential but my company has an NDA with Palo, so you may or may not be able to get this document. ... View more

Block?   Isn't that only an option for a "file blocking" policy?   I thought it was in version 7.0.X where the decoupled fileblocking with WF.  So in 7.0.X on WF has it's own policy and the only options I see really are upload/download directionality and where the WF analysis would be. ... View more

@soporteseguridad   Yes, provided you have a domain trust for the domain in which the service account that runs the software exists.   We have 7 different domains in our enviornment and our UIA enviornment can successfully see users in the necessary domains. ... View more

@inzamam.shahid Ask and you shall receive.  It appears "vyprvpn" is now a recognized application per content update 564. ... View more

@TheRealDiz I'm thinking that Palo will be able to get this fixed in a 4 year window that exists before this can be seen again. ... View more

The drawback to "highlight unused rules" is that it's predicated upon a timer set by when the firewall was last rebooted.  So if someone might have rebooted the firewall last say around feburary and a company's tax office while completeing year-end tax business it's possible that rules might have been erroneously identified as being unnecessary.   Unused rules also doesn't take into account the objects used within the rule. ... View more

So you've got an Anti-Spyware policy set up like this:       With no logs in threat that look like this?       Do you have any "Traffic" logs of hosts going to your sinkhole IP? ... View more

Hrmm, I'd with "ANY" there that it would have worked.  Did you have a URL profile applied?   I've never thought about or experienced it before, but I would have guessed is that it would have been allowed.  But maybe if there wasn't a URL profile applied it needed specific URL categorization to be defined vice just an "ANY" in the security rule when a URL profile isn't defined. ... View more

@john.imperial   I'm just curious, you said originally the rule allowed an "ANY" URL category and the traffic was failing?  To get it to work you had to add both "business-economy" and "government?" ... View more

I'm sure everyone else on here got that e-mail but in case you didn't here's a snippet:   " ...All customers are advised to upgrade PAN-OS and Panorama to the latest maintenance releases before March 16th, 2016, when details of the vulnerabilities will be publicly disclosed at a security conference in Germany by the security researcher that discovered and reported these issues to us..." ... View more

Nothing earth shattering revealed from Troopers...Vulnerabilities sure, but nothing no other similar IT product doesn't routinely have happen.   With mitigations and fixes for all seems like, just as I thought, much ado about nothing! ... View more

@lewis in the threat log if you're seeing "wildfire-virus" as a type, I don't think you're gonna see a submission report.  That log type just means, as I understand it, that somewhere in the "WildFire network" the communications stream/file was seen and was determined to be malicious.  So that signature was added at somepoint to the threat subscription you have.   So it wasn't necessarily a WildFire submission in your environment which created the original signiture and as such you wouldn't see a report.   https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/framemaker/70/pan-os/pan-os.pdf    P. 29 "WildFire—Provides near real-time malware and antivirus signatures created as a result of the analysis done by the WildFire cloud service. Without the subscription, you must wait 24 to 48 hours for the signatures to roll into the Applications and Threat update"     --EDIT--   Under the "Threat Logs" this describes the log P.321 "wildfire—A WildFire verdict generated when the firewall submits a file to WildFire per a WildFire Analysis profile and a verdict (malicious, grayware, or benign, depending on what you are logging) is logged in the WildFire Submissions log. wildfire-virus—Virus detected via an Antivirus profile."   So yeah one will have the report, one won't. ... View more