Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- LIVEcommunity
- ›
- About mbrownnyc
About mbrownnyc
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
01-24-2018
11Posts
4Likes
0Solutions
Jan 24, 2018Last Visited
User
Activity
User
Profile
Latest posts by mbrownnyc
| Subject | Views | Posted |
|---|---|---|
| 311 | 01-18-2018 07:10 AM | |
| 1319 | 07-13-2017 01:19 PM | |
| 1399 | 01-05-2017 06:28 AM | |
| 1971 | 07-22-2016 07:04 AM | |
| 1977 | 07-22-2016 05:12 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 2 | 07-19-2016 01:40 PM | |
| 1 | 07-22-2016 05:12 AM | |
| 1 | 04-21-2015 10:06 AM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 1 |
User Badges
Public Statistics
| Date Registered | 11-21-2014 07:44 AM |
| Date Last Visited | 01-24-2018 03:13 PM |
| Total Messages Posted | 11 |
| Total Likes Received | 4 |
01-18-2018
07:10 AM
Hello all, Does anyone have an SSLCipherSuite available for httpd that will work well allowing decryption but maintaining the highest level of security? The documentation here reflects the supported ciphers, but I'm having some trouble translating this into a viable SSLCipherSuite: https://www.paloaltonetworks.com/documentation/global/compatibility-matrix/supported-cipher-suites/cipher-suites-supported-in-pan-os-8-0#id8e00413d-96d5-4a75-9e5c-097bc4d47293 Thanks, Matt
... View more
07-13-2017
01:19 PM
I got you, fam. Created By: Solomon Victor (1/10/2017 3:17 PM)
Hello,
Hope you are doing well.
You may forward the logs for the correlated events by following the below article
Navigate to "Device > Log Setting > Correlation"
Perform the following steps for each log type. For System and Correlation logs, start by clicking the Severity level. For Config and HIP Match logs, start by clicking the Edit icon.
a) Select the Panorama check box if you want to aggregate firewall logs on Panorama. You can then configure Panorama to forward the logs to the external services.
Note: You cannot forward Correlation logs from firewalls to Panorama. Panorama generates Correlation logs based on the firewall logs it receives.
b) Select the SNMP Trap, Email, or Syslog server profile you configured for this log type and click OK.
Configure Log Forwarding: https://www.paloaltonetworks.com/documentation/70/pan-os/pan-os/monitoring/configure-log-forwarding
Device Log Settings: https://www.paloaltonetworks.com/documentation/71/pan-os/web-interface-help/device/device-log-settings
Regards,
Solomon Victor | Technical Support Engineer
Shift Time : 9:00 AM – 5:00 PM PST
Email : svictor@paloaltonetworks.com
Support Contact: US: (866) 898-9087, Outside the US: +1-408-738-7799
Palo Alto Networks | 4401 Great America Parkway, Santa Clara, CA 95054, USA Would have loved to be in that meeting with the engineers and the UI guys for this one while they tried to figure out where to put this setting.
... View more
01-05-2017
06:28 AM
Hello all, It appears that we have had at least a single correlated event in the past seven days, but did not recieve any alert related (via any configured log forwarding profile). It appears the each match that was correlated did perform a log action, but the actual correlated event did not. How do I attach a log forwarding action for Correlated Events? Thanks, Matt
... View more
07-22-2016
07:04 AM
Thanks for the reply! Do you have an example you're willing to share? Thanks, Matt
... View more
07-22-2016
05:12 AM
1 Kudo
I have blocked ".able". What I (and you (?)) expect to happen: block: nic.able not block: www.able.org/index.html or foo.docs.able.google.com or https://encrypted.google.com/search?hl=en_q=inurl:able What actually happens: block: nic.able not block: www.able.org/index.html or foo.docs.able.google.com and https://encrypted.google.com/search?hl=en_q=inurl:able However, if I also block ".google": What I (and you (?)) expect to happen: block: nic.google not block: www.google.com/index.html or docs.google.com or https://encrypted.google.com/search?hl=en&q=inurl%3Agoogle What actually happens: block: nic.google and https://encrypted.google.com/search?hl=en&q=inurl%3Agoogle not block: www.google.com/index.html or docs.google.com So, although .able worked, the strategy in general doesn't work. Any further assistance is appreciated. Thanks, Matt
... View more
07-19-2016
01:40 PM
2 Kudos
Hello all, I'm attempting to block about 1340 TLDs with a URL filter. However, I can't seem to get the URL filter to not block any URL where the TLD string is part. For example: If I want to block the .able TLD, I block "*.able" via a URL Category that's linked to a URL filter that's linked to a profile on a policy. I expect the following results: block: nic.able not block: www.able.org/index.html or foo.docs.able.google.com What actually happens: block: nic.able, www.able.org/index.html and foo.docs.able.google.com So, the wildcard "*.able" acts the same as a regex .*able.* You might think that "*.able/" resolves this in this case: I expect to happen: block: nic.able not block: www.able.org/index.html or foo.docs.able.google.com or https://encrypted.google.com/search?hl=en_q=inurl:able What actually happens: block: nic.able and https://encrypted.google.com/search?hl=en_q=inurl:able not block: www.able.org/index.html or foo.docs.able.google.com So, the wildcard "*.able/" acts the same as a regex .*[.]able$ The reason why I wish to block TLDs is simple: I ran a regressive query against all URLs accessed by my company for three months (we are capturing traffic using Moloch "network VCR") and only about 50 TLDs are ever accessed. ICANNs total list of TLDs contains 1405 TLDs (https://www.icann.org/resources/pages/tlds-2012-02-25-en). The only time I see hits against odd TLDs is in attack events. So, given that the cost-reward is so high, I wish to block TLDs. This seems like an odd weakness to have in the URL filtering engine that could be resolved with a single line of code. So I'll hope and assume that I'm doing something wrong. Is it possible to block TLDs? SEs, please feel free to access case: 00515922 Thanks, Matt
... View more
10-20-2015
07:47 AM
Thanks.
I'll try to escalate this as a feature request through my SE.
... View more
10-20-2015
07:27 AM
Hello,
Is it possible ot change the config-output-format of the web UI config audit previews to `set`?
Thanks,
Matt
... View more
04-21-2015
10:06 AM
1 Kudo
I'm actually trying to handle: https://www.google.com/url?q=https%3A%2F%2Fwww.dropbox.com%2Fs%2F3629en16p7n2gyg%2FAutomated_Clearing_House_transaction6971.doc%3Fdl%3D1&sa=D&sntz=1&usg=AFQjCNHcCM7TtsC5x7MLN8ha5av6hCxdRw I ended up using: .*Automated_Clearing_House_transaction.*\.doc.* I used this to test: http://regexpal.com/ What do you think? Any way to make the regex case insensitive? (?i).*Automated_Clearing_House_transaction.*\.doc.* is not accepted by PAN. [update] Local SE confirmed that there is no case-insensitive support... would utilize too much CPU. Thanks!
... View more
04-21-2015
09:25 AM
Thanks all. For this case, would the following regex work? .*Automated_Clearing_House_transaction.* Which regex engine does PAN use so I can find a tester? How do I apply this to a policy?
... View more
04-21-2015
08:50 AM
Hello, I'd like to create a URL filter to block/deny any URL that has an arbitrary string in it. I was referred to this forum by Palo Alto Support. In this specific case, the string I'd like to block is "Automated_Clearing_House_transaction". How can I do this? Thanks, Matt
... View more
- Tags:
- how_to
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
01-24-2018
03:13 PM
|
Latest Blogs
Latest Posts
Copyright 2007 - 2021 - Palo Alto Networks
