cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

About jmurphy

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
jmurphy
a month ago
since ‎01-25-2013
L2 Linker
User Activity
User Profile
User Badges
Community Statistics
Member Since ‎01-25-2013 07:52 AM
Date Last Visited a month ago
Posts 15
Total Likes Received 2

GlobalProtect Qualys: 150307 External Service interaction via Host Header Injection

by in GlobalProtect Discussions
‎09-07-2021 10:32 AM
1 Kudo
‎09-07-2021 10:32 AM
1 Kudo
Has anyone scanned their GlobalProtect Portals/Gateways with a Qualys WAS scanner?  With GP running version 10.0.x, it's reporting back QID 150307 External Service interaction via Host Header Injection.     The scanner injects a special FQDN in the Host header and X-Forwarded-Host header. Qualys Periscope is used to detect any subsequent DNS request and identify the presence of the vulnerability. Impact Attackers can potentially redirect users to unintended servers under the attacker's control. Other possible consequences include altered control flow, arbitrary control of a resource, arbitrary code execution. XSS, access to internal hosts, web cache poisoning, or HTML injection. Solution ... View more

Re: TAC support has gone missing, again :-(

by in General Topics
‎07-22-2021 08:09 AM
‎07-22-2021 08:09 AM
Called the main TAC number a few days ago.  Was on hold for nearly 2 hours...gave up and hung up! Never even got to a person! ... View more

Re: 10.0 user-id agent ignore_user_list not working

by in General Topics
‎07-22-2021 08:02 AM
‎07-22-2021 08:02 AM
Appears to be a problem with the user-id agent and UPN format.  If I add the sAMAccountName and UPN format for an account to the ignore_user_list, it gets ignored.  We didn't have to have the UPN prior to the 10.0.x user-id agents.  We also have some domain\account*   entries...  I tried account*@domain.com but that doesn't seem to work.  So I've updated my TAC case to see if they can assist.  Not sure if this is a bug or configuration issue, though there's very limited config options for the UID agents.   Just posting in case someone else has this issue also! ... View more

10.0 user-id agent ignore_user_list not working

by in General Topics
‎07-20-2021 01:32 PM
‎07-20-2021 01:32 PM
Since upgrading to pan os 10.0.6, we've noticed the "ignore_user_list" on our server user-id agents doesn't seem to be working.  We did not have any issues prior to upgrading to 10.0.x.  Has anyone else noticed this issue?  We upgraded our user-id agent to 10.0.3-10 (latest version) at the same time.  We have a support ticket open, but have yet to find a solution. ... View more

Re: Support for newer OS for Minemeld

by in General Topics
‎05-21-2021 08:18 AM
‎05-21-2021 08:18 AM
I have the same question!  I can't seem to find any information about it.  I've emailed our Palo SE. ... View more

Re: Slow Google searches on 9.0

by in General Topics
‎12-21-2020 09:12 AM
‎12-21-2020 09:12 AM
So far nothing useful to report from the tac case.  After the content update 8356, it does seem to be working better though. ... View more

Re: Slow Google searches on 9.0

by in General Topics
‎12-09-2020 12:34 PM
1 Kudo
‎12-09-2020 12:34 PM
1 Kudo
While waiting on TAC to call me back, I found this forum and tried the "workaround"...worked for me!  So I guess now I can tell TAC what's actually wrong.   ... View more

Re: Outlook 2016 unable to open while on GlobalProtect

by in General Topics
‎03-19-2020 10:19 AM
‎03-19-2020 10:19 AM
We're currently running split-tunnel, but the split tunnel is only to exclude a few domains not related to O365.  I'm not finding ANY denied logs.  We even added FULL internet access based on any, any, any with no IPS, URL, etc.  Still failed. ... View more

Outlook 2016 unable to open while on GlobalProtect

by in General Topics
‎03-18-2020 11:20 AM
‎03-18-2020 11:20 AM
Anyone else experiencing issues with Outlook 2016 being unable to open while on GlobalProtect?  We have sporadic windows 10 pc's with this problem and all windows 7 pc's have this issue.  When we disable GlobalProtect and start Pulse Secure (our legacy VPN agent), Outlook opens right up and connects.  We have a ticket open, but I'm guessing TAC is slammed right now. ... View more

Subsecond failover with active/passive firewalls running dynamic routing possible?

by in General Topics
‎03-14-2016 06:31 AM
‎03-14-2016 06:31 AM
Has anyone been able to successfully get subsecond failovers to work with active/passive firewalls running dynamic routing protocols such as BGP or OSPF?  In our lab testing, it appears we can get the firewall to failover instantly, but then it takes BGP a few seconds to drop/re-establish.  Our next testing will be OSPF to see if that helps speed it up any.  But then we'd have to redistribute those routes into BGP (our core) which might introduce a few second gap.  So far testing failovers (manual failovers via the gui), while running BGP and pinging peer behind the FW, we drop several pings.  With static routes in place, the failover seems to happen quick enough that no pings drop.     I've searched about every article on this site and tried about all the suggestions for faster failover, bgp timers, etc.   On another note, would going active/active help this scenario?  The only main reason (other than link failures, firewall failures, etc.) I'd expect a failover would be for a firewall upgrade/maintenance.  Granted that will be done during a maintenance window if possible.  But we have some "custom" applications that might go offline and fail to our DR site if they loose connectivity for very long.   Thanks ... View more

Re: GlobalProtect drive mapping or login script

by in General Topics
‎04-14-2014 05:43 AM
‎04-14-2014 05:43 AM
The "Pre-logon" requires a registry entry if I'm not mistaken to tell the PC to connect to a certain SSID.  Being that this solution will be deployed for users working from home, we have no way of knowing what their SSID's are... ... View more

GlobalProtect drive mapping or login script

by in General Topics
‎04-11-2014 01:41 PM
‎04-11-2014 01:41 PM
When our users connect locally on the network, as soon as AD authentication is passed, they receive a login script based on their OU to map certain drives.  When users go home, power up their laptops, and log in, they don't receive the script and as such, don't get the drive mappings.  Does GlobalProtect have a feature or option that will run the login script once it connects?  Say once the GP application connects to the gateway, it runs a specific script based on the users OU, or something? ... View more

7-Zip ARJ File Buffer Overflow Vulnerability(31030)

by in General Topics
‎12-17-2013 06:30 AM
‎12-17-2013 06:30 AM
Has anyone come across this vulnerability?  We have several PC's with 7-zip installed for extracted .tar files in windows.  Even after we delete 7-zip, we still see these vulnerabilities being flagged by the pan.  Has anyone seen this behavior before?  Possibly a rootkit or other malware on the pc's? Thanks ... View more
Labels:

User-ID Agent Active Directory Permissions?

by in General Topics
‎09-09-2013 08:11 AM
‎09-09-2013 08:11 AM
We have User-ID Agent Version 4.1.4-3.  What access does the User-ID Agent need on Active Directory?  Does it need to be a domain admin or? Thanks ... View more
Register or Sign-in
Contact Me
Online Status
Offline
Date Last Visited
a month ago
Latest Tags
Likes From
View All
LEGAL NOTICES
RESOURCES
Copyright 2007 - 2022 - Palo Alto Networks