This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About cchristiansen
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About cchristiansen
11-21-2022
41Posts
24Likes
7Solutions
Nov 21, 2022Last Visited
User
Activity
User
Profile
Latest posts by cchristiansen
| Subject | Views | Posted |
|---|---|---|
| 11221 | 04-09-2019 10:58 AM | |
| 2536 | 01-22-2014 07:00 PM | |
| 3789 | 12-18-2013 08:23 PM | |
| 2592 | 11-11-2013 12:47 PM | |
| 1894 | 11-06-2013 04:32 PM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 04-09-2019 10:58 AM | |
| 1 Like | 07-23-2013 08:49 PM | |
| 2 Likes | 07-17-2013 04:40 PM | |
| 1 Like | 07-18-2013 04:23 PM | |
| 2 Likes | 09-09-2013 06:32 PM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 16 Likes |
Retired Member
| ||
| 2 Likes |
User Badges
Community Statistics
| Member Since | 03-18-2013 08:36 AM |
| Date Last Visited | 11-21-2022 03:35 PM |
| Posts | 41 |
| Total Likes Received | 21 |
04-09-2019
10:58 AM
1 Kudo
Nice blog Bushra. You're a great CAP manager and a pleasure to work with. -chadd
... View more
01-22-2014
07:00 PM
I am not sure what your goal is, so there may be a much better way to accomplish what your are trying to accomplish.. That being said, here is a link to the admin guide for 5.0: https://live.paloaltonetworks.com/servlet/JiveServlet/previewBody/4118-102-7-19329/PA-5.0_Administrators_Guide.pdf On pages 235 and 236 the "regex" rules are described. This is not full blown regex as you are likely used to. It is a very cut down version. Here are some "regex(s)" that I have come up with as an example. The rules state that your data pattern "regex" must be at least 7bytes long. This is constrained to the string you are searching for and not anything between brackets (so no tricking the system with logic (and, or, etc.). In these examples I am keying on HTML form post data - so, uploading a file via a web form. As you can see, the "string" here is "form-data": Any IP: .*(form\-data).*((([0-9])|([0-9][0-9])|([1][0-9][0-9])|([2][0-5][0-5]))\.(([0-9])|([0-9][0-9])|([1][0-9][0-9])|([2][0-5][0-5]))\.(([0-9])|([0-9][0-9])|([1][0-9][0-9])|([2][0-5][0-5]))\.(([0-9])|([0-9][0-9])|([1][0-9][0-9])|([2][0-5][0-5]))).* RFC 1918 (10/8) IP: .*(form\-data).*(([10])\.(([0-9])|([0-9][0-9])|([1][0-9][0-9])|([2][0-5][0-5]))\.(([0-9])|([0-9][0-9])|([1][0-9][0-9])|([2][0-5][0-5]))\.(([0-9])|([0-9][0-9])|([1][0-9][0-9])|([2][0-5][0-5]))).* RFC 1918 (172.16/12) IP: .*(form\-data).*(([172])\.((1[6-9])|(2[0-9])|(3[0-1]))\.(([0-9])|([0-9][0-9])|([1][0-9][0-9])|([2][0-5][0-5]))\.(([0-9])|([0-9][0-9])|([1][0-9][0-9])|([2][0-5][0-5]))).* RFC 1918 (192.168/16) IP: .*(form\-data).*(([192])\.([168])\.(([0-9])|([0-9][0-9])|([1][0-9][0-9])|([2][0-5][0-5]))\.(([0-9])|([0-9][0-9])|([1][0-9][0-9])|([2][0-5][0-5]))).* NOTE: For looking in email, you might use the string "subject" as a key word. The "regex" would then look like this: Any IP: .*(subject).*((([0-9])|([0-9][0-9])|([1][0-9][0-9])|([2][0-5][0-5]))\.(([0-9])|([0-9][0-9])|([1][0-9][0-9])|([2][0-5][0-5]))\.(([0-9])|([0-9][0-9])|([1][0-9][0-9])|([2][0-5][0-5]))\.(([0-9])|([0-9][0-9])|([1][0-9][0-9])|([2][0-5][0-5]))).* !!!WARNING!!!: This will slow down your commit times, and if you use all of these at the same time, your commit may fail. This is because there is a limited memory space for compiling custom signatures. The more complex the signature, the more memory the compile takes. I tested these on a PA-200 and the commits failed for the most part. I was able to get the smaller ones to commit and work, but again, this is not recommended. I hope this helps. -chadd.
... View more
12-18-2013
08:23 PM
Hello cheon. The hello packets are generated on the management plane and sent out the data plane. The routing table is managed by the mangment plane, and "frequently used, or best match" routes are sent to the FIB. The FIB(forwarding information base) is a software copy of the routes which are programmed to the TCAM for packet forwarding. This is a simple explanation, but I hope it answers your questions. -chadd.
... View more
11-11-2013
12:47 PM
Hello Dan. Checking the "use CRL" option should be sufficiant. The caviots would be, that if the firewll can not get to the CRL imbedded in the certificate, it would be considered valid. Also, if there is no CRL in the certificate, same behavior. You can check your "service routes"(by default the MGMT port), and make sure that the firewall can get to the CRL to check the certificate status. The route used for CRL is the same as OCSP. Hope this helps. -chadd.
... View more
11-06-2013
04:32 PM
1 Kudo
Hello Daniel. You can use client certificates in both situations. You do not need to push your root CA to the clients though. What you can do is upload the CA public key to the firewall, and use that in a "Certificate Profile". Then, you will just issue (sign) cerficates for your clients from the Microsoft server, and push them to your clients via a GPO. You can also have one client (machine) certifcation for all your clients and configure that as the "client certificate" on your portal and then give that same certificate to all your clients (GPO maybe). Then that certificate will be checked against the one configured on the firewall to make sure they are the same cert. There is a third way as well, which would allow you to upload the public key (CA) to your firewall, and have that pushed out to all your clients, so that it is in their trusted root store. That way, they don't get the nag message about a bad cert. This is not needed though. Hope this helps. -chadd.
... View more
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks