This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- App-ID
- Content-ID
- User-ID
- 5G
- IoT Security
- Cloud Identity Engine
- Panorama
- AIOps for NGFW
Network Security
- Prisma Access
- Prisma Cloud
- Prisma SD-WAN
- Cloud NGFW for AWS
- CN-Series
- VM-Series:
- Private Cloud
- OCI
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
- Cortex Xpanse
Security Operations
- Resources
About herrmoss
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- LIVEcommunity
- About herrmoss
06-22-2022
25Posts
0Likes
0Solutions
Jun 22, 2022Last Visited
User
Activity
User
Profile
Latest posts by herrmoss
| Subject | Views | Posted |
|---|---|---|
| 708 | 09-11-2017 10:33 AM | |
| 720 | 08-18-2017 10:54 AM | |
| 2338 | 08-16-2017 02:00 PM | |
| 2348 | 08-16-2017 01:35 PM | |
| 2355 | 08-16-2017 01:31 PM |
User Badges
Community Statistics
| Member Since | 02-26-2015 06:50 PM |
| Date Last Visited | 06-22-2022 01:45 PM |
| Posts | 25 |
09-11-2017
10:33 AM
So @vsys_remo and @jvalentine, in betwen my other priorities I have been researching this issue with my limited knowledge and understanding. I have discovered that in 60% of the cases the destination IP Address allowed that shows "any" for URL Category in the logs has been also been allowed sometimes with the correct URL Category showing. I'm not sure why this is and am at a loss to explain the remaining 40% that never show the correct URL Category. At this point I am willing to accept this behavior but will continue to monitor. Thanks for your time on this.
... View more
08-18-2017
10:54 AM
Sorry for the delay in responding but I've been tied up with other things. Also I will not be able to work on this for the next week. When I can get back to this I will look at some of the things you've mentioned. However in regard to your comment: "What is likely happening is that the firewall allows the TCP/80 traffic, even identifies it as web-browsing, and then it attempts to match that traffic with your permit rules. If it matches, great. If not, it stops. The trick question is, how should the firewall log the traffic? Should it log the traffic as being denied (when some portion went through?)" I would think that if the firewall is going to log this traffic as allowed because it got part way through the process, it should also have a denied entry when it determines that something about the rule (in my case the URL Category) prevents it. It seems like this isn't happening and maybe that's just the way it works, however I find this confusing. Thanks very much for your insight.
... View more
08-16-2017
02:00 PM
I didn't realize that you could create a URL Filtering profile without a license. Not sure I would like getting that warning (I assume I would continue to get this on subsequent commits). Again, just to be clear, I do get my URL Category showing up in the logs (I just filtered those out in my previous images). Here's another look at the logs without the filtering and an example of "any" circled. Also, my main goal here is to be able to confidentally tell upper management that no traffic is being allowed to a destination that is not in my URL Category.
... View more
08-16-2017
01:35 PM
Thanks @vsys_remo attaching more screenshots. And to be clear, the Custom URL Category is showing up for most of the log entries, I'm just confused about why it's not showing up for some.
... View more
08-16-2017
01:31 PM
You are correct @vsys_remo I only mentioned the licensing issue becuase @jvalentine mentioned creating a URL Filtering Profile and I believe I can't do that without a license.
... View more
08-16-2017
11:12 AM
Thanks for the reply. Unfortunately we don't have a URL Filtering license as we have another solution for that function.
... View more
08-16-2017
08:21 AM
I've read the articles about the processes that take place when analyzing traffic and understand that sometimes there could be an allow status when it seems there shouldn't be. However it also seems that if the traffic truly shouldn't be allowed there would be an associated log entry with some kind of denial. In my case there is no associated denial and I'm would still like to know why this traffic seems to be allowed when apparently not matching my Custom URL Category. Forgive me if I'm still just misunderstanding something about this. Thanks. Here's what I'm seeing in my logs:
... View more
04-10-2017
07:59 AM
Thanks for the response. We log at session end. Looking at the traffic this morning it seems that everything went back to "normal" after a content update this past Friday, so your theory about app-id not having enough info seems to hold water. Thanks again for responding.
... View more
04-05-2017
07:40 AM
After years of content update traffic showing up in traffic logs as paloalto-updates application, this traffic suddenly started showing up in traffic logs as ssl application. This all started at approximately 6:40pm Eastern time on 4/1/2017. Has anyone else experienced this and if so do you have any idea why this is?
... View more
11-18-2016
06:17 AM
Thanks reaper. I suspected that was the case but wanted someone to verify that I wasn't crazy.
... View more
11-17-2016
08:44 AM
After configuring Agentless User ID, the default value for Server Log Monitor Frequency of 2 seconds caused CPU usage on the Domain Controller to be higher than desired. Changing this value to 10 seconds brought CPU usage on the Domain Controller to an acceptable level. What are the ramifications of having this longer Server Log Monitor Frequency?
... View more
10-22-2015
06:38 AM
Upon further review I see that Alarm logs are called out separately. Apologies for my earlier confusion.
... View more
10-21-2015
10:29 AM
Thanks for the reply.
Using that command I don't see Alarm logs called out separately, are they lumped in with one of the other logs I see listed there?
... View more
10-16-2015
12:16 PM
We recently reached the point where our traffic logs are reaching 90% of quota and alarms are being generated. I understand that this behavior is normal and I do have the option of turning alarms off if I wish. I don't want to turn them off but I see the option to acknowledge them. What I'm wondering is do these acknowledgements ever get purged? Because it looks like as long as keep acknowledging them they will just be moved to the acknowledged window.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-22-2022
01:45 PM
|
LEGAL NOTICES
Copyright 2007 - 2022 - Palo Alto Networks