About mbrownnyc

Hello all,   Does anyone have an SSLCipherSuite available for httpd that will work well allowing decryption but maintaining the highest level of security?   The documentation here reflects the supported ciphers, but I'm having some trouble translating this into a viable SSLCipherSuite: https://www.paloaltonetworks.com/documentation/global/compatibility-matrix/supported-cipher-suites/cipher-suites-supported-in-pan-os-8-0#id8e00413d-96d5-4a75-9e5c-097bc4d47293     Thanks,   Matt ... View more

Hello all,   It appears that we have had at least a single correlated event in the past seven days, but did not recieve any alert related (via any configured log forwarding profile).   It appears the each match that was correlated did perform a log action, but the actual correlated event did not.   How do I attach a log forwarding action for Correlated Events?     Thanks,   Matt ... View more

Hello all,   I'm attempting to block about 1340 TLDs with a URL filter.  However, I can't seem to get the URL filter to not block any URL where the TLD string is part.   For example: If I want to block the .able TLD, I block "*.able" via a URL Category that's linked to a URL filter that's linked to a profile on a policy.    I expect the following results: block: nic.able not block: www.able.org/index.html or foo.docs.able.google.com   What actually happens: block: nic.able, www.able.org/index.html and foo.docs.able.google.com   So, the wildcard "*.able" acts the same as a regex .*able.*     You might think that "*.able/" resolves this in this case: I expect to happen:   block: nic.able not block: www.able.org/index.html or foo.docs.able.google.com or https://encrypted.google.com/search?hl=en_q=inurl:able   What actually happens: block: nic.able and https://encrypted.google.com/search?hl=en_q=inurl:able not block: www.able.org/index.html or foo.docs.able.google.com So, the wildcard "*.able/" acts the same as a regex .*[.]able$   The reason why I wish to block TLDs is simple: I ran a regressive query against all URLs accessed by my company for three months (we are capturing traffic using Moloch "network VCR") and only about 50 TLDs are ever accessed. ICANNs total list of TLDs contains 1405 TLDs (https://www.icann.org/resources/pages/tlds-2012-02-25-en).   The only time I see hits against odd TLDs is in attack events. So, given that the cost-reward is so high, I wish to block TLDs.     This seems like an odd weakness to have in the URL filtering engine that could be resolved with a single line of code.  So I'll hope and assume that I'm doing something wrong.     Is it possible to block TLDs?   SEs, please feel free to access case: 00515922     Thanks,   Matt ... View more

Hello,   Is it possible ot change the config-output-format of the web UI config audit previews to `set`?     Thanks,   Matt ... View more