Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- App-ID
- Content-ID
- User-ID
- 5G
- IoT Security
- Cloud Identity Engine
- Panorama
- AIOps for NGFW
Network Security
- Prisma Access
- Prisma Cloud
- Prisma SD-WAN
- Cloud NGFW for AWS
- CN-Series
- VM-Series:
- Private Cloud
- OCI
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
- Cortex Xpanse
Security Operations
- Resources
- COVID-19 Response Center
About hvcomputech
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- LIVEcommunity
- About hvcomputech
02-10-2022
41Posts
8Likes
1Solution
Feb 10, 2022Last Visited
User
Activity
User
Profile
Latest posts by hvcomputech
| Subject | Views | Posted |
|---|---|---|
| 1471 | 10-11-2017 01:13 PM | |
| 3744 | 09-07-2017 01:40 PM | |
| 3747 | 09-07-2017 01:36 PM | |
| 1916 | 02-01-2017 12:38 PM | |
| 4676 | 04-18-2016 06:38 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 09-07-2017 01:36 PM | |
| 1 Like | 09-07-2017 01:40 PM | |
| 1 Like | 01-17-2012 12:41 PM | |
| 1 Like | 08-19-2014 11:55 AM | |
| 1 Like | 08-08-2012 01:17 PM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 6 Likes | |||
| 2 Likes | |||
| 1 Like | |||
| 1 Like | |||
| 2 Likes |
User Badges
Community Statistics
| Member Since | 07-19-2011 11:25 AM |
| Date Last Visited | 02-10-2022 03:19 PM |
| Posts | 41 |
| Total Likes Received | 8 |
10-11-2017
01:13 PM
We block most http-audio/video in our enterprise but we allow access to webcasts/webinars. We have had to resort to create a "webinar" rule allowing http-audio and video, rtmp, rtmpe, gotowebinar, and more... with specific IP ranges. Because these change often we have to keep adding CDN IPs to this rule for people to see/hear the webinars. This includes adding a flavor of default URL categories to match the rule. Apart from playing whack-a-mole, the concern is that allowing those ranges with, say, the business-and-economy, content-delivery-networks or streaming-media rule will allow traffic matching that security policy rule for sites unrelated to online webinars or courses. Is there a different/easier way to do this while still blocking http-video and audio for anything not related to webinars? Can someone share rules or ideas accomplishing this? Thanks, Larry
... View more
09-07-2017
01:40 PM
1 Kudo
Yes, *.sling.com also. That allows connections to internet-connected DVRs.
... View more
09-07-2017
01:36 PM
1 Kudo
Or look at the user's url log and find and block the ability to log in to Dish. If logging in on the site, block: https://my.dish.com/customercare/usermanagement/prepLogon.do https://www.mydish.com/welcome or for dishanywhere: http://www.dishanywhere.com/ https://identity1.dishnetwork.com/saml/module.php/sociallogin/login.php
... View more
02-01-2017
12:38 PM
IF you are using Brightcloud try this via cli: debug dataplane test url-resolve-path la-xxx.com It will query locally first and, if unknown (not-resolved) it won't block it. The request will go out to the cloud for an update URL la-xxx.com/, category is not-resolved, a request was sent successfully to the host run it again: debug dataplane test url-resolve-path la-xxx.com it will come back classified correctly URL la-xxx.com/, category adult-and-pornography Larry
... View more
09-22-2015
09:01 AM
Why would you want to block firefox and google chrome updates? I understand wanting to block the google chrome apps, which afaik can't be done, but the browsers? Isn't that exposing yourself to additional vulnerabilities?
... View more
08-19-2015
08:19 AM
I am trying to understand the meaning of the default critical vulnerability action "Alert". This question was brought up by management who gets the PAN Content Update email and I want to give them an accurate answer. For example, Adobe Flash Player Memory Corruption ID 38112 is rated as critical and, as most critical vulnerabilities, the default action is "Alert". If I look up ID 38112 in the Vulnerability Protection Default profile the rule associated with it is "simple-client-critical" with default action Alert. The "simple-client-critical" rule itself has an action of Default. Does this mean that for anyone using the Default profile no action other than alerting would take place? In other words, they might think the PA is protecting when it's only alerting on the vulnerability? I use my own Vulnerability Profile Rule where "simple-client-critical" has an action of "Block". This means that ID 38112 is blocked even though the email says the default action is "Alert", correct? Thanks.
... View more
06-12-2015
12:54 PM
In the cli don't forget to run: clear url-cache all then you might see sites classified correctly. I'm not too happy with brightcloud myself. I have submitted changes and sometimes it takes forever for them to assign them the correct categorization and they miss some obvious sites. However, tech support suggested we stick to brightcloud instead of the PAN-DB because it is much better, but as of 6.1 there are features that use PAN-DB like: "PAN-DB can now categorize content down to the page level instead of just at the directory level. Because the pages within a domain can be long to multiple categories, this capability provides increased accuracy in filtering content and prevents potential over-blocking of web content." I read somewhere that DNS sinkholing requres PAN-DB. Larry
... View more
06-12-2015
12:29 PM
We had a similar issue with a secure site and Firefox wouldn't offer the option to bypass on a PC while it did work on mine. We use the same version, and we're on the same subnet. Clearing the cache in Firefox on his PC is all it took for it offer the option to continue. "for some users with no certificate applied, we have that common certificate error page..." BTW, if you're decrypting traffic and don't have the certificate applied for some people and they get the alert, be aware that you're conditioning these users to blindly accept any untrusted connection in the future. Also, some sites won't allow to continue if the MIM certificate is not installed, no matter what. Those sites will have to be added to an ssl bypass list. Larry.
... View more
04-27-2015
06:32 AM
Without ssl decryption the PaloAlto won't be able to see what is traversing in https.
... View more
12-10-2014
11:37 AM
Y si quieres, algunos podemos traducir aqui al ingles, a veces. Translation: "Problem with PAN-500 in Active-Passive mode. We have the following problem, we did a migration to version 5.0.8 on both appliances without a problem. The problem we have today is when we try to make a modification on one appliance and it gives us an error on interface 1/6, which was configured in HA. I don't know why but there aren't any cables connected nor is it operational. The problem is that if we want to make any changes, we get an error via the web interface. We want to know what the problem could be. Hope you can help us. Thanks. One more thing, is there a tech support number for Spanish in Mexico?"
... View more
12-10-2014
10:23 AM
1 Kudo
Are you using a spam filter? May be blocking the incoming emails filtering by attachment or content may be a quicker solution. Or create a data filtering profile for file type .zip, direction = download, with regex to match invoice.zip, and then apply it to your security policies. Note: I haven't tested this. Larry
... View more
09-16-2014
08:35 AM
Translation: "Do you recommend substituting a Microsoft Threat Management Gateway firewall with a Palo Alto appliance? I'm thinking about substituting one of my firewalls, a Microsoft TMG with a new Palo Alto appliance. In general terms, functionality-wise I'm sure that Palo Alto would be better and would give me a better performance, but I'm weary on how to migrate the configurations such as Exchange (OWA and Active-Sync) and Lync (web services exclusively). This is a cornerstone in my migration, because all users use Lync for voice and IM, both on computers and mobile devices, in addition to Exchange with Outlook Anywhere, OWA and Active-Sync. I understand that TMG reverse proxy can't be duplicated in Palo Alto, but I'd like to find a solution without adding another appliance which would increase migration costs and administration headaches. Thanks"
... View more
LEGAL NOTICES
Copyright 2007 - 2022 - Palo Alto Networks
