About Brandon_Wertz

I agree with @pulukas.  Seem like @pasmartin should get ahold of your Enterprise TAM and get a ticket open with M$. ... View more

This question has been asked in various forms by multiple people.  Working on Sidewinder, CheckPoint, PaloAlto, Juniper, Cisco firewalls this requested function is really too complicated.  Most of the times it's just a "this object is unused (not in policy)" or "this rule is unused (never hit)," but never really accounting for object usage in a rule or how often or how much a rule/object is used.   Really for detailed rule/object analysis a clean easy way is to use a 3-part product called FireMon https://www.firemon.com/ they integrate well with Palo and have great support.  Any enterprise level org would really enhance their FW service ownership by investing in that tool.  (No I don't work for FireMon) ... View more

From what I recalled there are only 2 additional ciphers that version 7.0.X software is capable of processing over version 6.1.X software.   When version 7.1.X software comes out there's projected to be many many more supported cipher suites.  The instability you're alluding to was in PAN-OS software 7.0.3 and <.  Version 7.0.4 is far more stable, especially WTR to SSL. ... View more

We have a VM PAN (7.0.4) with the following specs:   4 proc w/ 1.349GHz 2GB RAM 1 HD w/50GB 2nd HD w/2TB   Our CPU usage is at 10% right now.   On our PAN we have 14 attached devices, and we log A LOT, pretty much everything (start and end logging).  Daily PAN recieves and processes approx 120 Million logs daily.   So there might be something up in your enviornment if you've got such a high CPU usage. ... View more

@mikand I get what you're saying but if you look at Black Hat ... https://www.blackhat.com/us-15/briefings.html#advanced-ic-reverse-engineering-techniques-in-depth-analysis-of-a-modern-smart-card    You can at least get a synopsis of what the presenter is going to address, my contention with this sole media play is there is nothing other than "OMG ... PAN haz vulnz"   No kidding...EVERY IT product is going to have it's security vulnerabilities.  We don't know what Palo has done (if anything) to address what Troopers brought to their attention.   If Troopers would have released something even in the ballpark at least WE the "Community" could scour the CVEs for something related to what Troopers says is out there; but they didn't do that.  So now we're left with baited breath needing to pay for this first hand knowledge.     --Edit--   Further... https://www.blackhat.com/us-15/briefings.html#certifi-gate-front-door-access-to-pwning-millions-of-androids    " CERTIFI-GATE: FRONT-DOOR ACCESS TO PWNING MILLIONS OF ANDROIDS"   "These vulnerabilities allow an attacker to take advantage of unsecure apps certified by OEMs and carriers to gain unfettered access to any device, including screen scraping, key logging, private information exfiltration, back door app installation, and more. In this session, Lacoon researchers will walk through the technical root cause of these responsibly-disclosed vulnerabilities including hash collisions, IPC abuse and certificate forging which allow an attacker to grant their malware complete control of a victims device. We'll explain why these vulnerabilities are a serious problem that in some ways can't be completely eliminated, show how attackers exploit them, demonstrate an exploit against a live device, and provide remediation advice."   They don't tell you how to exploit the code but Black Hat at least lets the community knows WHAT the issue or vulnerability offers up.  Troopers didn't do anything of the sort.  So asking a technology provider to address "tell me everything you've done wrong" is kinda like pissing into the wind. ... View more

@mikand I'm with Tom on this one.  "oh the sky is falling oh the sky is falling."  As this "press release" provides no information what-so-ever it seems more like "Troopers" is just fishing for media time.  If things were really as bad as they're trying to make things out to be why wait?  Why not let the community know? ... View more

We have a fairly large MPLS network with around 200 sites.  Our LANs/WANs all have the appropriate trusts and markings already set up, so we mark in scavenger class specific URL categories.  We haven't yet gone into marking specific applications yet. ... View more

I'm assuming it's not something as simple as gmail, but you're talking about SMTP traffic that's being hosted in Google CDN space? ... View more

When you log into your support account at https://support.paloaltonetworks.com in the "Resources" section there's the "Security Advisories" link ... View more

https://securityadvisories.paloaltonetworks.com/  ... View more

Do you have a requriement for physical port separation?  Can you collapse ports into sub-interfaces, or would that voilate some local policy/requirement you might have? ... View more

@syadav A co-worker of mine IMs me today and says "hey, did you know there's a wide open PCAP that's been running?"   For a period of time unknown to me someone turned PCAP on w/o any filters.  I'm pretty much the day-to-day admin of our Palo enviornment with two other really knowledageable people providing assistance when necessary.  There are some other, less knowledgeable people on our team that have access to the FW, and I'm guessing one of them accidently turned it on w/o realizing it.   It just never occured to me that someone would actually leave on a setting w/such a blatant performance warning.   Post turning the PCAP off Management CPU is down to around 10/15%.     On a related note, I looked through the System and Configration logs and I can't find any record of any modification of the PCAP settings do you know if there's someway to track that change history? ... View more

I was hoping we'd be able to create a custom app sig based upon user-agent, but I didn't see where that was an option.  Given that 6.1.X brought about the ablity to at least see in the log a user agent, I was hoping there could be some deeper controls around this field, but I haven't been able to find one. ... View more

varrcvr logrcvr mgmtsrvr   Are the 3 ones hopping back and forth for top consuming CPU.   varrcvr using sometimes 120%+ ... View more