This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- App-ID
- Content-ID
- User-ID
- 5G
- IoT Security
- Cloud Identity Engine
- Panorama
- AIOps for NGFW
Network Security
- Prisma Access
- Prisma Cloud
- Prisma SD-WAN
- Cloud NGFW for AWS
- CN-Series
- VM-Series:
- Private Cloud
- OCI
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
- Cortex Xpanse
Security Operations
- Resources
About Chris_Johnston
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- LIVEcommunity
- About Chris_Johnston
06-29-2022
21Posts
4Likes
0Solutions
Jun 29, 2022Last Visited
User
Activity
User
Profile
Latest posts by Chris_Johnston
| Subject | Views | Posted |
|---|---|---|
| 1121 | 12-01-2021 08:33 AM | |
| 2095 | 09-02-2021 06:22 AM | |
| 2172 | 09-01-2021 12:05 PM | |
| 1341 | 07-27-2021 05:56 AM | |
| 1508 | 07-20-2021 12:28 PM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 07-20-2021 12:28 PM | |
| 3 Likes | 03-22-2021 06:35 AM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 1 Like | |||
| 1 Like | |||
| 1 Like | |||
| 1 Like | |||
| 1 Like |
User Badges
Community Statistics
| Member Since | 01-07-2019 10:18 AM |
| Date Last Visited | 06-29-2022 12:13 AM |
| Posts | 21 |
| Total Likes Received | 4 |
12-01-2021
08:33 AM
Did you ever get this resolved? What was the solution?
... View more
09-02-2021
06:22 AM
Makes sense it would log in all, unless you went into each VP and marked it as 'ignore'. That was the challenge with creation of app - it overrides all other icmp apps and unless you create a new application group 'icmp-all' that included icmp and the customs....potential for things to be missed Edit: Actually, no...doesn't make sense on the VP now looking in depth. Probably one of those PA gotchas Thanks for crafting the signature! I'm looking forward to seeing it in my lab (and potentially prod!)
... View more
09-01-2021
12:05 PM
Has anyone had success in creation of threat signatures for ICMP type? I've seen (and tested) the Palo Alto guide on creation of an app to block/allow specific ICMP types and was trying to log a threat event for potential use and visibility versus creation of a new application (and needing to create a new app-id group to accommodate all ICMP types) https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFZCA0 Working app-id CLI: set application icmp-type8 default ident-by-icmp-type type 8 set application icmp-type8 subcategory ip-protocol set application icmp-type8 category networking set application icmp-type8 technology network-protocol set application icmp-type8 risk 1 Non working threat CLI: set threats vulnerability 44008 signature standard icmp-req-data and-condition "And Condition 1" or-condition "Or Condition 1" operator pattern-match pattern 8 set threats vulnerability 44008 signature standard icmp-req-data and-condition "And Condition 1" or-condition "Or Condition 1" operator pattern-match context icmp-req-data set threats vulnerability 44008 signature standard icmp-req-data and-condition "And Condition 1" or-condition "Or Condition 1" operator pattern-match negate no set threats vulnerability 44008 signature standard icmp-req-data order-free no set threats vulnerability 44008 signature standard icmp-req-data scope protocol-data-unit set threats vulnerability 44008 default-action alert set threats vulnerability 44008 threatname chrisvuln-icmp-type8 set threats vulnerability 44008 severity informational set threats vulnerability 44008 direction both set threats vulnerability 44008 comment "ICMP type 8" set threats vulnerability 44008 affected-host client yes
... View more
07-27-2021
05:56 AM
Just an update - asked TAC to confirm bugID was correct. Engineering did duplicate it to previously found PAN-112175. Fix in 9.1.11 ETA 8/5/21 No plans to backport to 9.0.x yet.
... View more
07-20-2021
12:28 PM
1 Kudo
I'll update you on my case status when I get one. As of right now, it noted it *should* be fixed in 9.1.11 PAN-112175 Fix in 9.1.11 ETA 8/5/21
... View more
07-20-2021
12:15 PM
Did you ever get an answer? I have a case opened today for adding a 7/8th gateway to an 850 running 9.0.12 with the same error message failing.
... View more
06-01-2021
10:52 AM
Which patch ID are you looking for out of curiosity? Might be able to come up with the config for you to paste in
... View more
06-01-2021
06:19 AM
One in the same 🙂
... View more
04-19-2021
11:44 AM
Thanks for the followup. Will bug our TAM to see where it's at on the FR list.
... View more
04-19-2021
10:38 AM
Did you ever determine how to do this? +1 for interest / to the top
... View more
04-12-2021
08:06 AM
I would do this using several NAT rules (one for each subnet). See the third example on the static NAT section for use with subnets. (I have also configured and tested this in the past) https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/networking/nat/source-nat-and-destination-nat/destination-nat.html
... View more
03-22-2021
06:35 AM
3 Kudos
Figured I'd share this here as I already have on another platform. Been using PanOS for ~8 years and came across something with URL filtering and wildcards. URL filters with wildcards will match on the front, and back of the URL(implicit), if you don't use the trailing /. What this means is *.microsoft.com doesn't just match www.microsoft.com, but also www.microsoft.com.uk. BUT, it also matches www.microsoft.com.malware.com (tested in a lab environment - feel free to test in yours) - it doesn't stop at domain 'extensions' Note - this is by design and something in PanOS release notes back to 5.x (that I was able to dig up), so nothing to open a case with PA for a bug. Not a huge issue with block lists as you'll just be blocking more than you intend to, but for allow lists - could be a bit of a problem. Worth a review of your allow lists for sure, as custom categories will be processed before pandb classification. https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/url-filtering/block-and-allow-lists.html Use to indicate one or more variable subdomains. If you use * , the entry will match any additional subdomains, whether at the beginning or the end of the URL. Use a forward slash at the end of the entry if you do not want to match any additional subdomains beyond that point. Ex: *.paloaltonetworks.com matches www.paloaltonetworks.com and www.paloaltonetworks.com.uk. *.paloaltonetworks.com/ matches www.paloaltonetworks.com but not www.paloaltonetworks.com.uk.
... View more
- Tags:
- URL filtering
01-11-2021
11:13 AM
How many group mapping profiles are present? We saw something similar in our environment where we had multiple group mapping profiles configured with different primary username attributes. Once the firewall refreshes the group mappings, the last 'primaryusername' will replace them and cause a mismatch Example: Group Mapping Profile 1 User/Group Attributes / Primary Username / 'UPN', secondary/email = samaccountname Group include list 'admin users' userfirst.last@domain.com userfirst.last2@domain.com Group Mapping Profile 2 User/Group Attributes / Primary Username / 'samaccountname', secondary = UPN Group include list 'domain users' domain\flast domain\flast2 Once groupmapping profile '2' refreshed, the firewall would detect first.last as an attribute of domain\flast and replace the mapping. However, group mapping is a direct match...not an attribute match.
... View more
10-20-2020
01:25 PM
This is officially supported now (release/update today) https://docs.paloaltonetworks.com/compatibility-matrix/terminal-services-ts-agent/terminal-services-ts-agent-table.html#id17CBA50079Z
... View more
08-24-2020
05:51 AM
Timing is perfect as I'm also interested in this. Per PA docs, not supported OS, but going to open case and check with our SAM as well. https://docs.paloaltonetworks.com/compatibility-matrix/terminal-services-ts-agent/terminal-services-ts-agent-table.html
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-29-2022
12:13 AM
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2022 - Palo Alto Networks