This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

About dannon

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
dannon
‎10-30-2024
since ‎08-05-2014
L3 Networker
User Activity
User Profile
Latest posts by dannon
View All
User Badges
Community Statistics
Member Since ‎08-05-2014 12:21 PM
Date Last Visited ‎10-30-2024 12:05 PM
Posts 57
Total Likes Received 12

User-ID Agent 8.1 help needed

by in General Topics
‎04-16-2018 10:34 AM
‎04-16-2018 10:34 AM
Hello.   AD integration using the User-ID agent.  We were on 8.0.7-2 and things were working fine.   I tried upgrading to version 8.1.0-66 and had several problems with wrong user-id being reported.  I saw in the release notes for 8.1: • Since multiple username attributes are supported, you must select the Primary Username attribute that you want to use for user identification. • Previously, the firewall normalized usernames received from User-ID sources (such as an LDAP directory) to the domain\username format. In PAN-OS® 8.1, when the Primary Username is in UPN format, it will not be normalized as in previous PAN-OS versions. As a result, usernames   My question is if I use the new agent, how can I get my username to show up as domain\userid again?   When I tried 8.1.0-66 I was seeing usernames as domain@username and MACHINENAME$   All my rules broke. To correct quickly, I reverted back to the older user-id version.   Thanks, Dannon   ... View more

Re: UserID Reporting Computer Names

by in General Topics
‎04-04-2018 12:19 PM
‎04-04-2018 12:19 PM
I saw this also.  I upgraded to User-Agent 8.1.0 and started seeing strange things.   Release notes said Palo changed default naming convention and that it won't display it as domain\username anymore.   I was seeing lots of user@domain.name and a lot of machinename$ listings. I didn't know how to fix.   I got burned and rolled back to prior version.  Issues went away.   FWIW Dannon   ... View more

Re: Troubleshooting SSL decryption failure of a website

by in General Topics
‎01-16-2018 09:41 AM
‎01-16-2018 09:41 AM
OK.   I think that fixed it.   I'm confused now about how to enter URLs into the Palo -   for adding URLs to a custom category rules, I read here on Palo's site to enter them as   *.domain *.domain/   to catch everything.  This would be if I wanted to recategorize a URL from a blocked to an allowed custom-URL category.  Or vice-versa.   I thought adding them to a no-decryption rule would be the same thing.     ... View more

Re: Troubleshooting SSL decryption failure of a website

by in General Topics
‎01-16-2018 06:59 AM
‎01-16-2018 06:59 AM
Hello.   I've got all of my URLs in a custome URL category called "no decrypt".  I've got my decryption rules with the no decryption up top     Decryption rule #1 is for bypass.  All other traffic gets decrypted by rule #5.  Rules 2-4 don't apply in this situation.   I also just verified that I have the following in my "no-decryption" URL category:   *.clever.com *.clever.com/   I wasn't sure if I needed both URLs in a decryption bypass rule, so I have both.       ... View more

Re: Troubleshooting SSL decryption failure of a website

by in General Topics
‎01-12-2018 01:37 PM
‎01-12-2018 01:37 PM
Here are the 2 screenshots.  I've got the excel files also, but don't know how to upload them.     Good Fail ... View more

Re: Troubleshooting SSL decryption failure of a website

by in General Topics
‎01-12-2018 09:10 AM
‎01-12-2018 09:10 AM
OK.   I can do a packet capture on the Palo with and without decryption turned on, so I'd hae 2 sets of captures (drop, firewall, transmit, receive)   Which ones would you like me to upload here?   ... View more

Troubleshooting SSL decryption failure of a website

by in General Topics
‎01-10-2018 10:14 AM
1 Kudo
‎01-10-2018 10:14 AM
1 Kudo
Hello.   We are using panOS 8.0.7 , Pan-DB URL filtering, and SSL decryption.   We are K12 education and use many Chromebooks in the organization.   We are trying to use a system called Clever to have our students log into their Chromebooks by scanning a QR code.  The problem is I cannot get the program to work. (https://clever.com/)   I know the issue is with the SSL decryption because if I exclude the device from decryption, things works correctly and I am prompted to scan my QR code.  With decryption turned on, I get a hung screen and can't proceed to the next step of login.   I have worked with Palo TAC and Clever support and haven't been able to get it working.   I have many URLs excluded from decryption that Google and Clever say need to be bypassed from decyption as well.   My next thoughts would be to run some packet captures, but I'm not that familiar with Wireshark analysis.  I am thinking I need to look at the headers to see if there are any other URLs which I don't have in my exclude list.   Under the traffic logs, for the sessions, I can see some entries are being decrypted.  In the URL filtering logs, I can see the sessions are not being decrypted.   Anyone have any thoughts on this, or would be willing to help out? Dan   ... View more

Re: Spyware Infect Host report from P.A.

by in General Topics
‎11-21-2017 07:50 AM
‎11-21-2017 07:50 AM
Just to add to the conversation-   we do SSL decryption and always have hundreds to thousands of these alerts a day.  We've always had them, and I just ignore them because they are never an active threat, more informantive in nature.   In spite of all of this, I still get a twinge of concern when I see them populate my logs.  I want to react to them because I see so many listed.   Security-minded brain and all.  LOL   Dannon   ... View more

Re: SSL Website won't load with decryption enabled

by in General Topics
‎11-15-2017 10:46 AM
‎11-15-2017 10:46 AM
Thanks.   We run 8.0.5 and I'm glad it's not unique to our setup.   I have excluded the website for the time being. Dannon   ... View more

SSL Website won't load with decryption enabled

by in General Topics
‎11-14-2017 01:59 PM
‎11-14-2017 01:59 PM
Hello.   One of my users was trying to go to:   https://mn.b3benchmarking.com/Launch   We have SSL forward proxy enabled.  If I exclude the site from decryption is comes up fine.  We are not using any decryption profiles.   Can anyone tell my why the sites won't come up?   I did run a check using   https://www.ssllabs.com/ssltest/analyze.html?d=mn.b3benchmarking.com   but am not sure how to interpret the output.   Thanks, Dannon   ... View more

Re: Allowing Mapquest

by in General Topics
‎11-14-2017 01:55 PM
‎11-14-2017 01:55 PM
I experienced similar issues.  We have a group of users with access to only a few websites.  In order for them to display properly, I had to watch each one in the logs and also whitelist all the other linked sites like CDN URLs, etc.   It worked, but took time, but I got hit up for it a week later because there was a spot on the webiste I didn't go to that had another URL I needed to whitelist.   Terrible pain in the bum for sure.   Whish there was a more elegant way. Dannon   ... View more

Re: How to block unknown machines from traversing the network

by in General Topics
‎10-06-2017 07:09 AM
‎10-06-2017 07:09 AM
We looked at this scenario and found that a prodcut like Cisco ISE or similar Network Access Control product would do this.  Cost prohibitive for us, so we just have to live with it for now.  I would much prefer to know who is coming and going on the wired / wireless networks here.   ... View more

Custom Report Query Building Help Needed

by in General Topics
‎09-28-2017 01:59 PM
‎09-28-2017 01:59 PM
I'm having a hard time getting my URL report built and sorted.   I want to accomplish the following   1. category must match ADULT or NUDITY 2. source user must not be a member of FILT_STAFF or M_FILT_STAFF active directory groups (basically students) 3. search all IPs in 10.0.0.0/8 EXCEPT the following subnets      10.10.0.0/21      10.10.8.0/22      10.7.48.0/21      10.7.56.0/21      10.9.0.0/21      10.9.8.0/21   Another way of prhasing it: show me all students who went to PORN or NUDITY sites.  Don't show me any IPs which don't have "domain\<student id>" listed as the source user.  I don't want to see our BYOD wireless or Chromebook subnets because there is no authentication.   Any suggestions? Dannon     ... View more

Re: Quality of tech support in recent months

by in General Topics
‎09-22-2017 11:49 AM
‎09-22-2017 11:49 AM
My case as well.   I had an issue open for 2.5 months.  I tried escalating the case, but it never did.  One of my calls, the tech couldn't even determine the windows server version we were running for our User-ID agent.  I had to show him how to get that info.  My boss finally had to call our new SE (never told the old one left) and threaten.  We got good service then.   SE told us that Palo prides themselves on top-tier support, but in the last year have grown so much that they can't get competent people to fill level-1 support.  We had a meeting with our SE and the regional manager and they both said Palo is very aware of the problem and are actively taking steps to fix.  He said this comes from almost the very top of management.   I hope Palo comes through. Dannon   ... View more

URL Filtering - Chrome Device Client

by in General Topics
‎08-10-2017 11:33 AM
‎08-10-2017 11:33 AM
Long time Palo user. We use the URL filtering add-on.   Anyone know if Palo plans on making an extension for Chrome devices?  Every other URL filter has this already, and we may have to move off Palo to get this functionality.   Thanks. Dannon   ... View more
Register or Sign-in
Contact Me
Online Status
Offline
Date Last Visited
‎10-30-2024 12:05 PM
Latest Tags
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks