About mharding

mharding · ‎08-27-2010

Have you double checked your configuration and the pre-shared key? Configuring IPSec VPN- Layer 2.pdf

mharding · ‎08-27-2010

There are multiple ways to do this. Do you just want to block this user? Do you want to block access to the app for everyone? Do you want to block the URL? Best case, capture the traffic in a pcap and then send it to support. If they have enough information, they can build a app from that packet capture. Or you could wait another two weeks. Palo Alto released an app for FaceTime about a week after it was in the wild. http://www.paloaltonetworks.com/researchcenter/2010/08/whats-appening-with-apple-facetime/

mharding · ‎08-27-2010

Blocked from being downloaded from the iTunes App Store, or blocked from my outbound calls from your trusted network?

mharding · ‎08-26-2010

That is odd. They had a problem in PAN OS 3.1.3 where the PA-20xx series would just lock up and a reboot would be the only fix, but they said they fixed it in PAN OS 3.1.4. Very odd indeed.

mharding · ‎08-26-2010

This should explain everything: YouTube Video Control

mharding · ‎08-26-2010

Here's what I saw in the PCAP: GET /yt/cssbin/www-core-vfl186161.css HTTP/1.1 Accept: */* Referer: http://www.youtube.com/ Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1) Accept-Encoding: gzip, deflate Host: s.ytimg.com Connection: Keep-Alive So our problem is that using the RegEx expression .*(Host:).*(s.ytimg.com) is not seven bytes. The RegEx expression must be seven bytes in order to be accecepted by PAN OS. You may have to use a URL filtering profile here to block the domain ytimg.com.

mharding · ‎08-26-2010

Try this link from the Technical Documentation section: https://support.paloaltonetworks.com/index.php?option=com_pan&task=dl_tech_doc&filename=PAN-MIB-MODULES.txt Message was edited by: umphmharding

mharding · ‎08-26-2010

You'll want to open a support case for this one. They'll want to tech-support log to determine what happened. I believe this is the command is PAN OS 3.1.4 to generate a tech-support dump from the CLI. request tech-support dump It may be an issue with the management server process. You can try restarting the management server with this command: debug software restart management-server

mharding · ‎08-26-2010

I would just lock the app down the smtp and the service to application-default.

mharding · ‎08-26-2010

You could create a custom app that looks for this RegEx in the http-req-header: .*(ytimg.com) A URL filter might be a better choice, but there are mulitple ways to accomplish the same task.

mharding · ‎08-26-2010

In your example, if would take the block action only if the network traffic matches what's in the threat database.

mharding · ‎08-26-2010

I would set the service to port 25, and then observe what applications are being used. I imagine that it will be the smtp and ssl apps.

mharding · ‎08-25-2010

If you are wanting a specific user, you can run the User Activity Report. It generates a PDF that's easy to read. Otherwise you could build a report under Manage Custom Reports with the criteria you are looking for, and then run it as either a PDF or CSV file. You can also schedule the reports to run daily, weekly, or monthly and have them emailed to you.

mharding · ‎08-25-2010

Nmap is an open source utility used to scan map networks, and scan for open ports on workstations and servers. During the scripting stage of the network scan, Nmap will attempt to connect using HTTP, and has it's own user agent. User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; http://nmap.org/book/nse.html) Nmap does contain the ability to change the user agent to any user agent, the vulnerability will defend off most script kidies and novices. This vulnerability is set to alert so you can monitor your network to make sure there are no false positives. Please let me know if you have any problems, and I'll try to refine the RegEx.

mharding · ‎08-24-2010

After you created the report, did you commit the changes?

Member Since	‎07-30-2009 01:30 PM
Date Last Visited	‎09-27-2019 04:33 PM
Posts	286
Total Likes Received	71

Online Status	Offline
Date Last Visited	‎09-27-2019 04:33 PM

About mharding

Re: SSL Forward Proxy Edge Browser problems

Re: Global Protect LSVPN Dual ISP Redundancy

Re: real time interface monitor

Re: User-ID Agent placement (Domain Controller)

Re: SSL Ciphers

SSL Ciphers

PA-5020 Fans?

Re: Endpoint Protection from PaloAlto - It’s Here!

Re: Experience with PANOS 6 so far ?

Re: On-demand ipsec tunnels?

Re: Cannot access web console of PA under Windows server OS

Re: Commit vs. Commit Force

Re: How to Manage External Users via UIA/PAN

Re: User Identification Agent

Re: TLS

Re: SSL Forward Proxy Edge Browser problems

Re: Any issues not documented on version 8.0.6?

Re: Server certificate verification failed

Re: Is Palo vulnerable to the shell shock Linux bug?

Re: Experience with PANOS 6 so far ?

Re: IPSEC tunnel due to timeout problem

Re: Google Phone app

Re: Google Phone app

Re: Triage / troubleshooting a hung PA box?

Re: Creating Youtube App Filter

Re: Creating Youtube App Filter

Re: PAN MIBs

Re: Triage / troubleshooting a hung PA box?

Re: TLS

Re: Creating Youtube App Filter

Re: Acting on Vulnerability threats

Re: TLS

Re: How to find what URLs a specific users has been on?

Detecting the Nmap Scanning Engine User Agent

Re: Custom Reports

Unlock your full community experience!

About mharding