About ERIKS

ERIKS · ‎07-13-2018

We gave up waiting for Palo to sort out the reporting and moved to Zscaler (www.zscaler.com) for all our web traffic analysis and reporting. We also get the added benifit of having all our roaming devices protected as well without having to back haul them through the Palo firewalls.

ERIKS · ‎01-24-2013

Does the Palo firewall (version 4.1.10) with threat update version 351 block vulnerability CVE-2012-4607 "Buffer overflow in nsrindexd in EMC NetWorker 7.5.x and 7.6.x before 7.6.5, and 8.x before 8.0.0.6, allows remote attackers to execute arbitrary code via crafted SunRPC data. "

ERIKS · ‎10-24-2012

Can someone please explain why a high severity vulnerability signature has been disabled in update 335? Does this mean that this vulnerability will no longer be detected? What happens if we encounter this vulnerability, will it be allowed through? The same question also about the disabled spyware signature in the update 335 as well.

ERIKS · ‎05-29-2012

I would definitely second this. I'm getting it in the neck from senior management because of the lack of proper or poor monthly web usage reporting. We can't even answer the simple questions like "which web sites are users going too?" and "what's the top web sites visited in the last month?" Come on Palo get your finger out PLEASE!!

ERIKS · ‎11-23-2011

I've upgraded the Application and Threat content to version 278 and in my tests this problem still exists. It would appear that it allows the ftp file upload but the file is corrupted and the ftp session itself will hang and has to be forced closed. Come on Palo we need a fix for this ASAP please. This is seriously going to impact our business communications.

ERIKS · ‎11-22-2011

I am also seeing this issue with some internet based users trying to ftp to servers on our DMZ and using passive mode. This is effecting business critical servers as we are using ftp for some of our EDI orders. I would rather not have to down grade back to 4.0.7 as 4.1 fixes some other issues that we were having with VPN connections. Can anyone from Paloalto Networks tell us how long are we likely to have to wait before we see a version 4.1.1 to fix this issue please?

ERIKS · ‎11-22-2011

I am also seeing this issue with some internet based users trying to ftp to servers on our DMZ and using passive mode. This is effecting business critical servers as we are using ftp for some of our EDI orders. I would rather not have to down grade back to 4.0.7 as 4.1 fixes some other issues that we were having with VPN connections. Can anyone from Paloalto Networks tell us how long are we likely to have to wait before we see a version 4.1.1 to fix this issue please?

ERIKS · ‎09-22-2011

I would also like to add my wish for such a report please. The main selling point to us for the PAN was the reporting but these basic type of reports seem to be missing. How soon are we likely to see any improvement in the reporting please?

ERIKS · ‎07-22-2011

@lardsa I also have a similar setup to yourself, but I've found that SSL decryption can be very slow on some website including the PAN support portal. I've had to put a rule in to not decrypt the effected websites and the performace then returns. Can anyone from PAN explain why these performance issues are happening and what else (other than not to decrypt them) can be done to fix it. I've used other web scanning products with SSL decryption and I've not experienced these sort of performance issues before.

ERIKS · ‎07-20-2011

Hi We are having a lot of issues with using the PAN Agent scraping the wrong user / ip information from our AD logs as we also have a mixture of local user logins and remote desktop RDP connections which change the user's login / ip address association which I'm sure you are all aware of. I'm aware that the UID Agent that is used for E-Directory LDAP has an XML API, but as we are using Active Directory, I'm using the PAN Agent instead. I was wondering if there is a similar XML API for the PAN Agent? If there isn't, why not? Is it on the road map for sometime soon? Is there some other way of clearing the wrong user / ip association from the PAN Agent? I've tried to use Captive Portal with NTLM but this only works if the user is _unknown_. Is there a way to force a CP connection when users use a web browser and to clear it when the browser is closed? Failing that, can the UID Agent be used with Active Directory (and hence the API) instead of the PAN Agent and if so, what would be the best practice configuration please? As the main selling point to use for the PAN was its user / app logging, the fact that the wrong users are being logged is disastrous for us. We would rather not have a user logged than the wrong one, as it makes the user's web browsing activity wrong with serious consequences to us from our HR department. Any help in these matters would be appreciated.

Member Since	‎05-06-2011 03:11 AM
Date Last Visited	‎09-16-2022 04:46 AM
Posts	10
Total Likes Received	5

Online Status	Offline
Date Last Visited	‎09-16-2022 04:46 AM

About ERIKS

Re: Feature Request - Reporting

CVE-2012-4607

Disabled Vulnerability Signatures in App+Threat Update 335

Re: Feature Request - Reporting

Re: Passive FTP issue after upgrade to v4.1.0 (NAT issue?)

Re: Passive FTP issue after upgrade to v4.1.0 (NAT issue?)

Re: Problem with MLSD command on FTP after upgrade to 4.1.0

Re: Reports - Best way to see top URLs visited?

Re: SSL-decryption slow

XML Interface to PAN Agent

Re: Feature Request - Reporting

Re: SSL-decryption slow

Re: Feature Request - Reporting

Re: Feature Request - Reporting

CVE-2012-4607

Disabled Vulnerability Signatures in App+Threat Update 335

Re: Feature Request - Reporting

Re: Passive FTP issue after upgrade to v4.1.0 (NAT issue?)

Re: Passive FTP issue after upgrade to v4.1.0 (NAT issue?)

Re: Problem with MLSD command on FTP after upgrade to 4.1.0

Re: Reports - Best way to see top URLs visited?

Re: SSL-decryption slow

XML Interface to PAN Agent