This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About Royalfr
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About Royalfr
09-25-2023
11Posts
5Likes
0Solutions
Sep 25, 2023Last Visited
User
Activity
User
Profile
Latest posts by Royalfr
| Subject | Views | Posted |
|---|---|---|
| 373 | 07-14-2023 12:03 PM | |
| 1385 | 12-21-2022 11:12 AM | |
| 1310 | 06-28-2022 07:52 AM | |
| 14488 | 05-17-2021 08:58 AM | |
| 2275 | 03-11-2021 12:57 PM | |
| 3017 | 02-19-2020 08:46 AM | |
| 7704 | 01-03-2020 11:24 AM | |
| 7726 | 01-03-2020 10:09 AM | |
| 10628 | 01-03-2020 10:05 AM | |
| 3774 | 10-25-2019 11:18 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 02-19-2020 08:46 AM | |
| 1 Like | 03-11-2021 12:57 PM | |
| 3 Likes | 05-17-2021 08:58 AM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 1 Like |
User Badges
Community Statistics
| Member Since | 10-25-2019 05:46 AM |
| Date Last Visited | 09-25-2023 09:00 AM |
| Posts | 11 |
| Total Likes Received | 5 |
07-14-2023
12:03 PM
We don't allow ms-onedrive-uploading. Some IT have UserID-based right to ms-onedrive-base & ms-onedrive-downloading.
Despite all of those up-privileged users showing "ms-onedrive-base" activity--nobody shows downloading. It was brought to our attention that they can upload to onedrive which is showing up as "ms-onedrive-base" only. And the filenames being uploaded within the web interface are being obfuscated.
Are others seeing uploading occuring under ms-onedrive-base??
I wonder if this is just that MS has altered the function and PA's userID is no longer functionally existent. I have to do my own testing as no logs were retained and info is too generic for my liking. Perhaps the AppID is only valid for the onedrive application you install in Windows and not the website.
... View more
12-21-2022
11:12 AM
Yes, the "citrix-director" traffic is either used beyond the Citrix Director management/monitor website that Citrix Admins use.
It is showing up on all SQL STUDIO users to SQL servers (SQL Srvrs hosted on ESXi hosts--NOT hosted on Citrix).
It is constantly flowing between Citrix hosts.
It is flowing between SQL servers and Always On Listener nodes.
Most new applications are somewhat predictable, but this one went far beyond
" Citrix Director is a monitoring and troubleshooting console for Citrix Virtual Apps and Desktops."
It brought down all user access to our citrix apps. DBAs couldn't use SQL Studio.
... View more
06-28-2022
07:52 AM
are seeing this two. ForeScout is detecting the same MAC on laptops in the office on the local LANs. This is triggering lock downs for MAC Spoofing. But I see no justification to see the Virtual Adaper to send packets out the LAN interface and not use the LAN interface's MAC. I see no one replied to your post. Did you get any answer elsewhere?
... View more
05-17-2021
08:58 AM
3 Kudos
If you HTTPS to the firewall and create an Address as an FQDN instead of an IP, there is a clickable RESOLVE link next to where you place the DNS name. That will resolve and list all the IP addresses it pulled from DNS. This is better than a PING test as PING will only show the first of many IPs. Using the FQDN address object you can see the full list.
... View more
03-11-2021
12:57 PM
1 Kudo
Does anyone know if they ever fix this? Or shall we rephrase and say it is a "feature request" to unbreak this. Is there a client version that doesn't stop DNS requests. I don't see any mention that the GP clients fakes DNS replies to other servers. I can understand offering this for security purposes, but let's not keep it secret. This makes GP client laptops hobbled for network engineers, desktop techs, domain and DNS engineers and many more IT people. For many this is a foolish "feature". It has prevented me from troubleshooting repeatedly.
... View more
02-19-2020
08:46 AM
1 Kudo
I have this issue as well. And while the example is kindergarten simple, the problem continues in many permutations. I create a rules allowing the many microsoft services that Non-Controllers use between some server networks. Then I have to make a rule for web-browsing on a non standard port (TCP9201) involving some of the same servers. SHADOW WARNING Despite that there is NO shadowing whatsoever. The first rule doesn't allow the traffic the second rule allows. I can't combine them-because that would permit many permutations ot use non-standard ports that should be blocked. Clearly the shadow logic completely ignores the SERVICE field of all rules. So many of my non-default port rules are "shadowed" if their protocol was previously allowed with any other service configured. This is just bad logic on PaloAlto's part.
... View more
01-03-2020
11:24 AM
Trying block them passing through the firewall is easy enough. I'm trying to stop the firewall from answering them. Will a policy affect traffic that is directed at the Interface IP of the firewall? Normally that is affected only by Management Profile. I don't write policy rules to allow the firewall to receive & send SSH, SNMP, syslogs, pings, etc.
... View more
01-03-2020
10:09 AM
Did you ever find a solution for this? it is five years later and the interfaces are still answering these oddball ICMP requests (which can be useful to hackers). We have PING on the interface profile and it is answering these all day long. Royal
... View more
01-03-2020
10:05 AM
Interestingly, for me it is the PALO ALTO 5200 series Vers 8.1 that IS RESPONDING to timestamp requests from a desktop. Why? I don't know. Why offer discovery information that a hacker could use? We have PING enabled on the interface--but I don't see any way to stop it from answering these esoteric ICMP queries. It is also being asked for ADDRESS MASK (ICMP), but at least it doesn't respond to that.
... View more
10-25-2019
11:18 AM
The interesting thing about that graphic... which seems to reflect exactly what I want to do.... is that the Eth ports of the firewall don't disclose the mask, and the destinations being monitored are all within a class C. 192.0.2.xx So I can't say that others i the LIVEcommunity are incorrect when they've written that they must be in a single subnet. My reality is that when I try to enter a SOURCE IP in the dialog box, it only accepts two things: The DHCP option in the Dropdown, OR create a NEW X VARIABLE I could create multiple VARIABLES all pointing to a single loopback as a source... but that seems like one wrong on top of another wrong. It would not let me create one VARIABLE with the FWs loopback and re-use that in multiple monitors. It refused to allow me to use the same variable twice. (Frankly, I've never used variables, so my understanding there is weak.) The documentation for removing static routes with Path Monitoring says enter an IP or name an Interface. It won't accept any IPs or any interfaces. Even an IP within the Route isn't accepted. Destination IP I can put any IP. 1.1.1.1 or 20.200.200.200 doesn't matter what it is. But source I can't get it to accept anything that makes sense.
... View more
10-25-2019
06:50 AM
I'm trying to monitor the availability of one tunnel, to re-route the same destination traffic into a second tunnel. The other side can't do routing protocols right now--which would solve this easily. I hoped to find a non-manual way to fail over. I read in a discussion that the SOURCE IP and destination IP have to be in a single network. The documentation didn't mention this. If that is true, essentially this is designed to test a basic /30 circuit or a "can I see my default gateway?" test. And really nothing more. Calling a zero-hop distance (same broadcast domain) a "path" monitor is stretching the word path. Routing Gateway Monitor is more appropriate. Also the documentation (copied below) says you can have eight destinations. Having that many without being able to go beyond the gateway... really limits this to ... testing my two ISPs, or three ISPs and there are so many other ways that gets accomplished in the real world. Obviously none of the REMOTE IPs of a typical VPN between corporations are going to be in the same local subnet as any IP I can assign to my firewall. Cisco's DMVPN is structured to simulate a subnet between all the ipsec endpoints. So I'm not sure if there is anything in the PA's features that would let me manipulate routes without a routing protocol. I have a second route with a lower admin cost. But it doesn't work like Cisco where a route pointed to an interface(the tunnel) becomes invalid when the interface is down. Add a monitored destination by Name. You can add up to eight monitored destinations per static route. For Source IP , select the IP address that the firewall uses in the ICMP ping to the monitored destination: If you select an interface, the firewall uses the first IP address assigned to the interface by default. If the interface has multiple IP addresses, select one. If you select D HCP (Use DHCP Client address) , the firewall uses the address that DHCP assigned to the interface.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
09-25-2023
09:00 AM
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks