Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Live
- ›
- About RyanF
About RyanF
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
07-01-2016
16Posts
3Likes
0Solutions
Jul 01, 2016Last Visited
User
Activity
User
Profile
Latest posts by RyanF
| Subject | Views | Posted |
|---|---|---|
| 171 | 11-15-2015 08:39 PM | |
| 1422 | 12-22-2014 09:14 PM | |
| 1422 | 12-17-2014 07:57 AM | |
| 1422 | 12-17-2014 07:55 AM | |
| 1603 | 12-16-2014 05:08 PM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 | 12-16-2014 05:08 PM | |
| 1 | 11-28-2014 12:45 PM | |
| 1 | 11-11-2014 10:20 AM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 1 | |||
| 2 | |||
| 1 | |||
| 1 | |||
| 1 |
User Badges
Public Statistics
| Date Registered | 03-21-2013 10:52 PM |
| Date Last Visited | 07-01-2016 01:02 PM |
| Total Messages Posted | 17 |
| Total Likes Received | 3 |
11-15-2015
08:39 PM
The Center for Internet Security (http://cisecurity.org) needs your help with creating the first CIS PAN-OS security benchmark.
We're looking for volunteers with PAN-OS experience to contribute in security discussions, recommendations, editing, figuring out CLI commands for automated auditing, and many other tasks, from expert to beginner. Spend as little or as much time contributing as you'd like.
The CIS benchmark uses this document from the SANS reading room as a starting point--https://goo.gl/OHgo77 but there's plenty of work to be done before v.1 can be released.
Sign up here under "CIS Palo Alto Networks Benchmarks":
http://benchmarks.cisecurity.org/community/projects/
... View more
12-22-2014
09:14 PM
Thanks, Steven Puluka . That will be a little tough in our environment, but should give us at least some insight. I wish there were a "log, continue" option that I could just place at the top of the shared pre-rules in Pano. Once traffic hit that rule, it wouldn't permit or deny, but simply create a log entry and continue down the ruleset. jkim@copperriverit.com - Wow, I d idn't realize OpenDNS offered a threat feed compatible with Palo's DBLs. I actually sat in a presentation by the OpenDNS guys at DEFCON this year. They're doing some amazing work. Thanks!
... View more
12-17-2014
07:57 AM
parmas - Can you say which block lists you've used in production?
... View more
12-17-2014
07:55 AM
Good point. We are already using pan-db. Just looking for additional ways to help keep out the bad guys.
... View more
12-16-2014
05:08 PM
1 Kudo
I'd love to integrate lists of known malicious IPs like those in the links below into dynamic block lists, but I'm worried about overblocking or a bad feed hosing us. Has anyone used feeds similar to the ones below, either free or paid? What was your experience? http://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt http://malc0de.com/bl/IP_Blacklist.txt http://panwdbl.appspot.com/lists/openbl.txt Others: http://panwdbl.appspot.com/
... View more
Labels:
12-15-2014
09:58 AM
In what I've seen so far, I think you are correct--only Netflow can provide what we need here. A shame that's not built-in to Panorama.
... View more
12-08-2014
12:26 PM
The problem is, we don't know what IPs we need to investigate. The ultimate question is, how can we accurately see bytes transferred (and source/destination IPs) in a given period of time? The data transferred with established (non-terminated) sessions don't show up in any report, which could be a huge missing piece.
... View more
12-03-2014
10:26 PM
Here's the scenario: 1) 1 week ago, a session from 10.1.1.1 and 10.2.2.2 is established. Normally, data transfer is very low. 2) Within that session, 100GB of data is suddenly transferred one day between 6pm and 7pm, pegging the site's Internet bandwidth. 3) The data transfer becomes very low again after the burst. The session doesn't terminate until 1 week later. Observations: - If we look at ACC during that 1 hour burst, the traffic doesn't show up at all. - If we look at the session browser, all we see is total transferred bytes since the session was established. Question: - When we try to figure out what's using up the bandwidth in a particular time frame, how can we see bytes transferred and source/destination IPs for established sessions that remain active? (The Network Monitor is horribly inflexible and doesn't produce enough detail to be useful in our actual scenario)
... View more
Labels:
11-28-2014
12:45 PM
1 Kudo
There's a ton of fantastic best practices guides on this site in addition to the admin guides. I was wondering if a best practices security configuration benchmark or checklist exists for PA firewalls. Something I can hand an IT auditor, similar to this: http://goo.gl/JgmTTc
... View more
Labels:
11-14-2014
10:36 PM
Awesome! Thank you for the quick response! You saved me a call to support.
... View more
11-14-2014
10:11 PM
To protect web servers with this threat signature, do we need to have SSL inbound inspection enabled?
... View more
11-11-2014
10:20 AM
1 Kudo
Thanks, Dorsey. Are there any others you've gotten feedback on? Any vendors we should probably...ummm...put lower on our list?
... View more
11-10-2014
11:43 AM
We have a need for 24x7 monitoring, so I wanted to explore partnering with an MSSP vs. setting up our own SOC. Anyone have experiences to share? We'll probably start discussion with one of these partners, but wanted to get feedback first: https://www.paloaltonetworks.com/partners/managed-security-services-provider.html
... View more
10-28-2014
02:27 PM
For those of you with global Palo deployments, here's a paper to get you started on what you should know about employee privacy issues. This issue can be complex in countries outside of the U.S. "Next Generation Firewalls and Employee Privacy in the Global Enterprise” http://www.sans.org/reading-room/whitepapers/legal/generation-firewalls-employee-privacy-global-enterprise-35467
... View more
- Tags:
- privacy
Labels:
05-22-2013
01:23 PM
Thank you, essnet! Nothing else worked for me, but manually appending the intermediate cert to the primary in XML did the trick! I also had to reboot the devices for the change to take effect. I would've thought after 1.5 years that would be fixed. Thanks again!
... View more
04-22-2013
01:31 PM
Running 5.0.4 and still no print button in ACC. Definitely a needed feature.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
07-01-2016
01:02 PM
|
Latest Tags
No tags yet
Likes Given To
Latest Blogs
Latest Posts
Copyright 2007 - 2020 - Palo Alto Networks
