About S_Owoc

Hello   No, I'm looking for something like this https://opendbl.net/ I'm preatty sure that there is more sites like this.   Reagrds SLawek ... View more

Hi @kiwi and the community   Thx for the links, but I'm still looking for a real live example. A few years ago in this community someone shared a link to portal where everyone could post an IP / URL suspected for be a malware site/etc. Do you know such location?     Regards Slawek   ... View more

Hi guys,   This link seems to be a good starting point: https://docs.paloaltonetworks.com/panorama/10-0/panorama-admin/administer-panorama/monitor-panorama/monitor-panorama-and-log-collector-statistics-using-snmp   log forwarding status from individual firewalls to Panorama and external servers. Unfortunately, there is no OID listed for these values, has anyone idea where to find them?   Regards SLawek ... View more

I can't use syslog for some reason which I can't share here.   Any idea how to achieve my goal from LogCollector perspective?   Regards SLawek ... View more

Hello guys I agree with you that any no-decrypt action entry goes above any decryption entry, but in my case decrypt rules are applied only to "bad" traffic based on URL filtering. @vsys_remoyes, I've doublechekced and unknown url category is under 'URL_policy' which in my opinion is the explanation of this mystery. Thank you for pointing it out.   regards SLawek ... View more

Hi @vsys_remo  Unfortunately, I can't share screenshots here, those policies are very basic (from inside to outside any any - and the only thing is that 'URL_policy" has some URL category assigned to it - nothing else.   What I can share is: sowoc@FW01(active)> test decryption-policy-match from Inside source X.X.X.X destination 23.89.0.11 Matched rule: 'URL_policy' action: decrypt and show session: c2s flow: source: X.X.X.X [Inside] dst: 23.89.0.11 proto: 6 sport: 49496 dport: 443 state: DISCARD type: FLOW src user: unknown dst user: unknown offload: Yes s2c flow: source: 23.89.0.11 [Outside] dst: X.X.X.X proto: 6 sport: 443 dport: 49496 state: DISCARD type: FLOW src user: unknown dst user: unknown offload: Yes Slot : 1 DP : 0 index(local): : 8206204 start time : Mon Apr 4 13:18:59 2022 timeout : 90 sec time to live : 7 sec total byte count(c2s) : 759 total byte count(s2c) : 6528 layer7 packet count(c2s) : 7 layer7 packet count(s2c) : 12 vsys : vsys1 application : ssl rule : SEC-RULE service timeout override(index) : False session to be logged at end : True session in session ager : True session updated by HA peer : False layer7 processing : enabled URL filtering enabled : True URL category : any session via syn-cookies : False session terminated on host : False session traverses tunnel : False session terminate tunnel : False captive portal session : False ingress interface : ethernet1/5 egress interface : ethernet1/6 session QoS rule : N/A (class 4) tracker stage firewall : proxy decrypt failure end-reason : decrypt-error   Why the IP "23.89.0.11" is recognized as one of the "bad" urls? according to https://urlfiltering.paloaltonetworks.com/query/ it has: Category: Unknown Category: Medium Risk    any tips how to understand PANOS behaviour here?   Regards SLawek ... View more

Hello Kereng   Have you checked: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm3aCAC https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClSBCA0   I would start from above's links   Regards SLawek ... View more