cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

About NGS_SOC

Announcements

Changes to the LIVEcommunity experience are coming soon... Here's what you need to know.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NGS_SOC
‎09-10-2020
since ‎07-19-2011
L3 Networker
User Activity
User Profile
Latest posts by NGS_SOC
View All
User Badges
Public Statistics
Date Registered ‎07-19-2011 08:06 AM
Date Last Visited ‎09-10-2020 09:38 AM
Total Messages Posted 68
Total Likes Received 20

Re: Cisco VPN Client Timeout

by in General Topics
‎05-19-2015 07:00 AM
‎05-19-2015 07:00 AM
access route 192.168.0.0/24 is a simple one and goes to split tunnel 192.168.0.0/24 and 172.16.0.0/24 are more complex access routes and goes to tunnel everything ... View more

Re: Cisco VPN Client Timeout

by in General Topics
‎05-19-2015 06:52 AM
‎05-19-2015 06:52 AM
Split tunnel on IPSEC is working but only if the networks are simpler enough. For examples if access routes are 192.168.0.0/24 and 172.16.0.0/24 this goes to full tunnel. Technical limitation probably will never fix. Cisco IPSEC are stuck only to 8 hours and other IPSEC flavors (IPSEC on MacOSX) have even worst timeout. ... View more

Re: Entries in My System Logs

by in General Topics
‎05-19-2014 07:55 AM
‎05-19-2014 07:55 AM
Hi, seems your are working with a External Block List or DBL Dynamic Block List, which is not working as expected. Maybe these links can be useful for your installation. Configuring Dynamic Block List (EBL) on a Palo Alto Networks Device Working with External Block List (EBL) Formats and Limitations ... View more

Re: UIA - Not domain user Identification Problem

by in General Topics
‎05-19-2014 05:50 AM
‎05-19-2014 05:50 AM
You cannot redirect known user to captive portal, CP is only available to unknown IP/User mapping. There are several ways to force domain credentials ( for example explicit login via script, exchange/shared folder/printer accesses etc) but in my option the best way to always keep user-if mapping during the ip lifecycle is the 802.1X & syslog integration within new PANOS 6.0. ... View more

Re: GlobalProtect client

by in General Topics
‎05-19-2014 04:42 AM
‎05-19-2014 04:42 AM
Hi, Cisco's tunnel group and group policies cannot directly migrated into PA Global Protect gateway. The rule is a single PSK/CERT group per GP gateway, once you need more a new gateway has to be created. In Cisco vision the use of multiple vpn-group was done to segregate traffic in layer3+ pool containers, using PA and its user identification, always present in GP, you can achieve the same security level with only one gateway (and related tunnel group) with a bunch of security rules based on User-ID. ... View more

Decryption Port Mirror

by in General Topics
‎10-09-2013 04:46 AM
1 Kudo
‎10-09-2013 04:46 AM
1 Kudo
Hi to all, in My Devices > Request Licenses appeared, in the last few days, a new "Decryption Port Mirror (requires PAN OS 6.0.0 or higher)" . Is anyone able to explain what is about? Probably I have to wait till end of the year new PANOS 6.0 but a sneak could be appreciate. Thanks ... View more
Labels:

Re: AET & PAN

by in General Topics
‎06-16-2013 01:44 AM
‎06-16-2013 01:44 AM
tnx mikand, great comment, as usual I've spent some hours with my country SE and I have a officiaL answer to my AET question, in addition they give me some additional commands to test against stonesoft's evader attack. I'll try them within this week and I'll post my comment ... View more

Re: QoS stats via XML

by in Automation/API Discussions
‎06-15-2013 08:28 AM
‎06-15-2013 08:28 AM
thx... damned platform specific bug 🙂 ... View more

Re: Some Youtube streaming being ID'd as "flash" not "youtube"?

by in Automation/API Discussions
‎06-15-2013 08:27 AM
‎06-15-2013 08:27 AM
It's better that you open a support case as soon as possibile. I haven't see a behavior like this and maybe your app-id engine on 3050 is not working properly. Even if you have right over youtube changing better warn the support, so the developer team can take countermeasures. ... View more

Re: RegEx for specific DNS strings

by in General Topics
‎06-15-2013 08:09 AM
‎06-15-2013 08:09 AM
welcome in the 7 bytes world 🙂 gwesson has right your pattern should works fine with    Pattern = "ddostheinter\.net" Pattern = "directedat\.asia" ... View more

Re: URL Allow List filters are not functioning as documented.

by in General Topics
‎06-15-2013 08:02 AM
‎06-15-2013 08:02 AM
If you need allowing a domain with its subdomain you must allow them domain.* *.domain.* *.*domain.* *.*.*domain.* etc This works for web-browsing, if the traffic is ssl you need to terminate it (decryptin) in order to gain full compatibility. If not only the domain.* is visible. In case of known application (as dropbox)  I suggest you not to use Url, use application identification, always go beyond Url Profile. ... View more

AET & PAN

by in General Topics
‎06-08-2013 01:47 AM
‎06-08-2013 01:47 AM
Hi everybody, last week I had a Stonesoft engineer in my lab demonstrating their techniques of exploit attack via AET. I tested my PAN NFR units (PA-200 & PA-2050) with IPS license last update, together with other vendors IPS units, protecting 2 pretty vulnerable client (one win xp sp2 the other ubuntu 6.04) . The result scared my quite a bit. Known exploits are blocked once sent in clear way, but when a subset of AET was run under script the catch rate  was quite bad, less than 10% with the highest IPS policy in place. Here the link to Stonesoft attacker that one can freely test: Evader | Stonesoft Evader Last AET discussion in this forum is pretty old, end of 2010, and I would like how PAN handles nowadays these kind of sophisticated traffic obfuscation, carrying malicious payload. I know that patching the client solve the problem but the same oparation could be done with client with no patch software available and IPS are meant to handle such situations. Regards ... View more
Labels:

Re: what is wrong with blocking firefox

by in General Topics
‎06-08-2013 01:23 AM
1 Kudo
‎06-08-2013 01:23 AM
1 Kudo
In a 4.1. installation I use this pattern User-Agent:.Mozilla/*.*(Firefox/*) ... View more

Re: Forward DNS requests

by in General Topics
‎06-08-2013 01:16 AM
1 Kudo
‎06-08-2013 01:16 AM
1 Kudo
Hi, except from DNS-proxy another way to accomplish this is using U-turn NAT configuration Source Zone: Trust-Zone Dest Zone: Untrust-Zone service: dns (53tcp +53udp) Source : Your internal network Dest: External Dns server IP (ie 8.8.8.8 google) Source translate: dynamic-ip-port (PAT) of your internal firewall interface Dest translate: Your internal DNS server IP Also you need a permit security policy from Trust-Zone to Trust-Zone The drawback that you need a NAT entry for every external dns server, but if you verify which ones is mostly used I think that 10 rules could match 90% of your dns external requests. ... View more

Re: User-ID for Exchange Permission Issue

by in General Topics
‎05-26-2013 03:08 AM
1 Kudo
‎05-26-2013 03:08 AM
1 Kudo
https://live.paloaltonetworks.com/message/15865#15865 Be aware that only owa connection can be used, due to Exchange limitation there is no POP3 or IMAP user connection information. ... View more
Register or Sign-in
Contact Me
Online Status
Offline
Date Last Visited
‎09-10-2020 09:38 AM
Latest Tags
No tags yet
Likes From
Latest Blogs
Latest Posts
Privacy Policy Terms of Use
Copyright 2007 - 2021 - Palo Alto Networks