This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About BSwientoniowski
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About BSwientoniowski
06-14-2023
13Posts
3Likes
0Solutions
Jun 14, 2023Last Visited
User
Activity
User
Profile
Latest posts by BSwientoniowski
| Subject | Views | Posted |
|---|---|---|
| 2443 | 10-17-2022 07:34 AM | |
| 2199 | 10-14-2022 12:54 PM | |
| 5210 | 10-13-2022 10:53 AM | |
| 2085 | 07-14-2022 11:42 AM | |
| 2263 | 07-11-2022 10:33 AM | |
| 997 | 04-11-2022 11:32 AM | |
| 1293 | 04-08-2022 07:43 AM | |
| 2391 | 11-10-2021 12:13 PM | |
| 5291 | 10-29-2021 12:05 PM | |
| 1982 | 11-10-2020 04:29 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 10-13-2022 10:53 AM | |
| 2 Likes | 10-29-2021 12:05 PM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 1 Like | |||
| 1 Like | |||
| 1 Like | |||
| 3 Likes | |||
| 2 Likes |
User Badges
Community Statistics
| Member Since | 04-17-2020 07:31 AM |
| Date Last Visited | 06-14-2023 01:52 PM |
| Posts | 13 |
| Total Likes Received | 3 |
10-17-2022
07:34 AM
Great info to know, thanks for sharing! Can you share any details on the PAN-OS versions and the SSL/TLS profiles used at each customer?
... View more
10-14-2022
12:54 PM
With the certificates, I think the primary concern is the validity period (is it good for 1 year or 2?) rather than how old they are.
... View more
10-13-2022
10:53 AM
1 Kudo
There's some discussion on Reddit about having TLS 1.2 as the minimum in the SSL/TLS profile for your gateway and portal. Can anyone who's having the problem confirm the min. TLS version in their setups?
... View more
07-14-2022
11:42 AM
Thank you Pavel!
... View more
07-11-2022
10:33 AM
When viewing the Traffic Log in the GUI, there is a column for "Decrypted" (yes/no).
However when I export the Traffic Log to a CSV, I don't see a column with the same or a similar name.
How would I identify which connections were decrypted by looking at just the CSV file?
... View more
04-11-2022
11:32 AM
Hypothetical scenario: All Windows 10 clients connecting to Globalprotect. All are managed by System Center Config Manager. I have a HIP Object that matches if there are any patches missing with a severity of 1 or greater. I have a HIP profile with this object in it that denies access to a subnet if there is a match. It is 2 days after Patch Tuesday, and a patch with a severity of 2 is released. This patch has not yet been approved and deployed in System Center Config manager, as we're still testing it on a few virtual machines. Does my security rule deny the traffic? Where does GlobalProtect get the patching information from? Is it relying on information from Microsoft (i.e., patch #1234567 has been released)? Or is there some local client data that conveys what patches have been put out there in our System Center environment?
... View more
04-08-2022
07:43 AM
I'm seeing the same issue. Panorama and Firewalls are both running 10.0.8-h8. Verified that I have a security policy with a HIP profile applied to it.
... View more
11-10-2021
12:13 PM
The Security Advisory for CVE-2021-3059 suggests disabling dynamic updates as a workaround for the vulnerability. However, it specifically says to go to the Device Deployment > Dynamic Updates interface (which is in the Panorama tab of my deployment). How is that different than if you have schedules set under the Device Tab > Dynamic Updates? Additionally, is it OK to manually download and install app/threat, av, and wildfire updates?
... View more
10-29-2021
12:05 PM
2 Kudos
I've done two previous client updates through the firewalls that went fine. The first was 5.0.4 -> 5.1.5 with the portal set to allow user to update manually. Everything went fine. At the time, I think PAN-OS was 8.1.something The second was 5.1.5 -> 5.2.6 with the portal set to allow transparently. Everything went fine. PAN-OS was 9.1.7 at the time I believe. This time I'm doing it transparently again from 5.2.6 -> 5.2.8. PAN-OS is 9.1.10. So far only about 13 out of around 90 computers successfully updated. The rest still show that they're connecting fine in the firewall's GP logs, but they're all 5.2.6 Laptops are all Windows 10, and a mix of builds with the oldest being 1909. Most are 20H2. There's no consistency among builds as far as what's getting updated and what isn't though. I had one of our developers contact me because they said that they're getting the windows notification "GlobalProtect agent upgrade is in progress. Please wait, the application will restart once the upgrade is complete." The upgrade never takes place though. The message appears repeatedly every once in a while also. I checked the Windows Application log on their machine and I never see an MsiInstaller event 1040 for "Beginning a Windows Installer transaction: C:\Program Files\Palo Alto Networks\GlobalProtect\globalprotect.msi" The PanGPS log doesn't show any entries for "msgtype = software-upgrade" AV we're using is Windows Defender ATP. I examined the Device timeline on the machine and was able to see that there was an entry for file created (by PanGPA.exe) c:\users\<user>\appdata\local\temp\_temp<#>.msi, but no activity beyond that. The timeline on a machine where the upgrade was successful eventually shows that the temp.msi file is modified, and then globalprotect.msi and update_tmp.bat are created in GlobalProtect program directory. I had the user download the 5.2.8 update msi file and they were able to manually update successfully. Not sure what is going on. Is anyone else seeing anything like this? EDIT: Over the weekend, I changed the Portal Client Upgrade settings from "Allow Transparently" to "Allow Manually", and I am not seeing the prompt to upgrade.
... View more
11-10-2020
04:29 AM
Thanks for the response. The rule that the traffic is hitting is actually the 4th rule in the list going from trust to untrust that is based off of app-id.
... View more
11-09-2020
11:39 AM
I've got a rule that allows the following applications from any source in our trusted zone out to any destination in the untrust zone. appdynamics dns-over-https dns-over-tls github ms-delve net.tcp ntp ocsp okta paloalto-updates paloalto-wildfire-cloud pan-db-cloud rtcp service-now skype ssh windows-azure windows-push-notifications The rule is set for application-default. We have some legitimate traffic on our network that goes from trust to untrust with the destination port of tcp/37. For some reason, this traffic is matching up to this rule. None of the applications in the rule list tcp/37 as a default port. Only two of those applications (skype and net.tcp) have dynamic default ports. When the tcp/37 traffic hits this rule, the application always shows up as "insufficient-data" I know what the traffic is - it is supposed to be the old "TIME" protocol. I've actually created a rule specific for this further down the list. Any idea why the traffic would match up to this rule?
... View more
05-29-2020
06:52 AM
I know the question about how to set Reconnaissance Protection thresholds has been asked dozens of times. The answer is always "it depends on your environment and situation". I understand that there can't be a one-size fits all best practice. It seems as though a trial-and-error approach is how you should dial in the thresholds and intervals. But are there any unique factors that should be taken into consideration that could give you a general idea rather than taking shots in the dark? Like how many different hosts and services are accessible from that zone? Average connections per second? Frequency of any types of events in the threat logs?
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-14-2023
01:52 PM
|
Likes Given To
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks