This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About helenio.sartori
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About helenio.sartori
11-02-2018
45Posts
1Like
0Solutions
Nov 02, 2018Last Visited
User
Activity
User
Profile
Latest posts by helenio.sartori
| Subject | Views | Posted |
|---|---|---|
| 1640 | 11-02-2018 07:37 AM | |
| 2075 | 12-02-2014 02:56 AM | |
| 2235 | 12-02-2014 02:50 AM | |
| 2320 | 12-01-2014 11:36 PM | |
| 3228 | 10-23-2014 11:10 PM | |
| 3501 | 10-23-2014 12:29 AM | |
| 2661 | 07-29-2013 01:13 AM | |
| 2761 | 07-26-2013 02:18 AM | |
| 1829 | 05-24-2013 02:04 AM | |
| 1877 | 04-30-2013 01:38 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 06-15-2010 08:58 AM |
User Badges
Community Statistics
| Member Since | 01-04-2010 07:16 AM |
| Date Last Visited | 11-02-2018 10:58 AM |
| Posts | 45 |
| Total Likes Received | 1 |
11-02-2018
07:37 AM
Hello, I installed UIA 8.0.12-5 on WIN server 2008 R2 (FW PAN OS is 8.0.13). I'm throubleshooting userid login problem and it looks that log event (Event ID 4768,4769,4770,4624) are not readed by the user agent on Windows Server 2016. Connecting to WIN 2016 server I can see that Event ID 4768,4769,4770,4624 are on the security log but if I increase the debug on the UIA (verbose) this event are not there. It looks like the agent doesn't understand the Event generated by the WIN Server 2016, is there any guide how to set up the event log of the WIN Server 2016 to by compatible with UIA ?
... View more
12-02-2014
02:56 AM
Here a screenshot about the monitor of the rule that has socila-networking category in the matching part of the rule As you can see the port are 80 and 443 (http and SSL).
... View more
12-02-2014
02:50 AM
Actually I'm using this rules only for port 80 and port 443. Why a have traffic with any category since I specified the category social-networking ? it doesn't make sense ... I can't use URL filter profile because is scalable on my design.
... View more
12-01-2014
11:36 PM
Hello, I have a rule where we allow the category social-networking. Why in traffic log I see traffic allowed with category any !!
... View more
10-23-2014
11:10 PM
I can't work with URL profiles because I have a top rule with application skype blocked and rule with URL profile are below this rule. I have to bypass skype application detection before the rule that block skype application therefore I have to bypass the skype application detection with a rule on top of it with a matching and not a policy. The only way in may case is custom application. I tried suggestion from hyadavalli but i didn't manage to work. There is some detailed guide how to build custom application ?
... View more
10-23-2014
12:29 AM
Hello, I'm actually blocking skype application but I would like to allow skype manager web site (https://manager.skype.com/). The web site manager.skype.com is blocked because recognized as skype application. The idea is to build a application that allow skype with hostname https://manager.skype.com/ The custom app I created is here below but it doesn't work, any idea why ? where I'm wrong ?
... View more
Labels:
- Labels:
-
App-ID
07-29-2013
01:13 AM
I think Application override is not the right approach as I don't have particular destibnation ip or source ip. It is really a news app based on existing one. if I use web-browsing as Parent app it means that all traffic from the site will be classified as custom application, my intend was to recognize as custom application only phpproxy traffic type. Anyway I don't understand why if I definine phpproxy app as parent the web-browsing traffic is recognized by the custom app. suggestion ?
... View more
07-26-2013
02:18 AM
Hello, I have a policy that block phpproxy application for security reason. There is a web site http://www.sac-cas.ch (shop tab) is blocked because some request are recognised as phpproxy application. I'd like to build an application that allow phpproxy when host is www.sac-cas.ch in a way to bypass the block. Here below the custom application I created for this purposed. Basically the application has as parent app phpproxy and signature match host www.sac-cas.ch. I don't know why but it seams that this customer application in recognized not only when application is phpproxy but eve if the traffic i web browsing. Where I'm doing wrong ? It somethong related to App dependencies ?
... View more
- Tags:
- app-id
Labels:
- Labels:
-
App-ID
05-24-2013
02:04 AM
Hello, I'm thinking to migrate from brightcloud to Paloalto URL DB since I had to request a lot of recatogorization. Where can I find Categories list migration ? Does all categories match ? To migrate is enought to follow this doc https://live.paloaltonetworks.com/docs/DOC-4388 ? Can be reverted back ? Does anyone has feedback about migrating from brightcloud to Paloalto URL DB ? Paloalto URL DB how is located, only USA ? is redundant ? availability ?
... View more
- Tags:
- url_filter!!
04-30-2013
01:38 AM
Hello, on the cli show command I see under "XX Anti spyware" profile the botnet-domains policy but I'm not able to find it on GUI under object-securityprofiles -> antispyware. Where botnet-domain behavior is configured on GUI ? thank's .. here below the Cli output: spyware { "XX Anti Spyware" { rules { simple-critical { severity critical; packet-capture no; threat-name any; category any; action { alert; } } simple-high { severity high; packet-capture no; threat-name any; category any; action { alert; } } simple-medium { severity medium; packet-capture no; threat-name any; category any; action { alert; } } simple-low { severity low; packet-capture no; threat-name any; category any; action { alert; } } } threat-exception { 12652 { action { allow; } } 20000 { action { allow; } } } botnet-domains { packet-capture no; action { alert; } } }
... View more
Labels:
- Labels:
-
Configuration
11-23-2012
06:07 AM
hello, I was doing some URL reports and I did some test to see how URL are logged by the PAN FW ver 4.1.8 and I have some question. Let's take a simple url page www.liceobellinzona.ch. when you request it, using a browser, you can see with wireshark all request used to fetch the content are: GET www.liceobellinzona.ch GET www.liceobellinzona.ch/css/default.css GET www.liceobellinzona.ch/css/layout.css GET www.liceobellinzona.ch/javascript/dtree.css GET www.liceobellinzona.ch/javascript/misc-functions.js GET www.liceobellinzona.ch/javascript/dtree.js GET www.liceobellinzona.ch/javascript/dtree_menu.js GET www.liceobellinzona.ch/images/logo1a.jpg GET www.liceobellinzona.ch/images/dtreemenu/join.gif GET www.liceobellinzona.ch/images/dtreemenu/plus.gif GET www.liceobellinzona.ch/images/dtreemenu/line.gif GET www.liceobellinzona.ch/images/dtreemenu/joinbottom.gif GET www.liceobellinzona.ch/libenew.jpg Why PAN FW URL, log only the www.liceobellinzona.ch and all HTTP GET aren't ? How URL are logged, is based on HTTP field like referrer or content type ?
... View more
09-28-2012
07:36 AM
Hi, I migrated our PAN FW from 3.1 to 4.1 and there is some more fields on TRAFFIC and THREAT syslog format. With 3.1, using syslog-ng, I got: Sep 27 00:00:35 giacometti-2 00: 00:35,0003C100873,TRAFFIC,end, etc ... Since by defualt in 4.1 there is more field than with 3.1 I'd like to customize the syslog format in a way that have the sames format as it was on 3.1 (to avoind, for the moment to change syslog parser tool): $serial,$type,$subtype,$padding,$time_generated,$src,$dst,$natsrc,$natdst,$rule,$srcuser,$dstuser,$app,$vsys,$from,$to,$inbound_if,$outbound_if,$logset,$padding,$sessionid,$repeatcnt,$sport,$dport,$natsport,$natdport,$flags,$proto,$action,$bytes,$bytes_sent,$bytes_received,$packets,$start,$elapsed,$category,$padding And with this format i get: Sep 28 16:29:16 giacometti-test 16: 29:15,10.44.39.26,199.47.219.159,0.0.0.0,0.0.0.0,AC Standard,ac\t128636,,ssl,vsys1,AC-Trust,AC-Untrust,ethernet1/3,ethernet1/4,Netlog-AC,0,136120,1,4310,443,0,0,0x0,tcp,allow,354,288,66,4,2012/09/28 16:29:15,0,any,0 As you can see the firs 4 fields ($serial,$type,$subtype,$padding) are dropped somewhere, does someone have an idea why ?
... View more
04-18-2012
11:23 PM
Disk full mean that there is a partition dedicated to report ? Can we manage the size ?
... View more
04-18-2012
01:46 AM
Hello, how long are keep scheduled report ? can we schedule deltion of reports older than a date ?
... View more
04-16-2012
10:38 PM
top - 07:37:10 up 16:30, 1 user, load average: 1.20, 1.38, 0.99 Tasks: 84 total, 1 running, 83 sleeping, 0 stopped, 0 zombie Cpu(s): 6.2%us, 8.4%sy, 0.0%ni, 81.1%id, 1.0%wa, 0.2%hi, 3.1%si, 0.0%st Mem: 1007852k total, 995864k used, 11988k free, 18224k buffers Swap: 2008084k total, 411636k used, 1596448k free, 595788k cached PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 2610 root 20 0 384m 79m 5116 S 17 8.1 72:45.62 mgmtsrvr 2625 root 20 0 131m 63m 38m S 13 6.5 31:33.52 logrcvr 2096 root 15 -5 21680 3312 2632 S 2 0.3 24:53.92 sysd 2609 root 20 0 379m 188m 41m S 2 19.1 11:43.50 devsrvr 25219 helenio 20 0 4528 1032 840 R 1 0.1 6:33.33 top 2595 root 15 -5 0 0 0 S 0 0.0 0:29.46 kjournald 31551 helenio 20 0 22344 1128 928 S 0 0.1 0:29.93 sshd 1 root 20 0 1832 560 532 S 0 0.1 0:02.15 init 2 root 15 -5 0 0 0 S 0 0.0 0:00.01 kthreadd 3 root RT -5 0 0 0 S 0 0.0 0:00.20 migration/0 4 root 15 -5 0 0 0 S 0 0.0 0:00.01 ksoftirqd/0 5 root RT -5 0 0 0 S 0 0.0 0:00.06 migration/1 6 root 15 -5 0 0 0 S 0 0.0 0:00.09 ksoftirqd/1 7 root 15 -5 0 0 0 S 0 0.0 0:00.02 events/0 8 root 15 -5 0 0 0 S 0 0.0 0:00.87 events/1 9 root 15 -5 0 0 0 S 0 0.0 0:00.02 khelper 57 root 15 -5 0 0 0 S 0 0.0 0:06.22 kblockd/0 58 root 15 -5 0 0 0 S 0 0.0 0:00.54 kblockd/1 61 root 15 -5 0 0 0 S 0 0.0 0:00.00 kseriod 65 root 15 -5 0 0 0 S 0 0.0 0:00.00 ata/0 66 root 15 -5 0 0 0 S 0 0.0 0:00.00 ata/1 67 root 15 -5 0 0 0 S 0 0.0 0:00.00 ata_aux 73 root 15 -5 0 0 0 S 0 0.0 0:00.00 khubd 98 root 15 -5 0 0 0 S 0 0.0 2:32.30 kswapd0 99 root 15 -5 0 0 0 S 0 0.0 0:00.00 aio/0 100 root 15 -5 0 0 0 S 0 0.0 0:00.00 aio/1 101 root 15 -5 0 0 0 S 0 0.0 0:00.00 nfsiod 671 root 15 -5 0 0 0 S 0 0.0 0:00.00 scsi_eh_0 673 root 15 -5 0 0 0 S 0 0.0 0:00.00 scsi_eh_1 692 root 15 -5 0 0 0 S 0 0.0 0:00.36 mtdblockd 708 root 15 -5 0 0 0 S 0 0.0 0:00.00 rpciod/0 709 root 15 -5 0 0 0 S 0 0.0 0:00.00 rpciod/1 741 root 15 -5 0 0 0 S 0 0.0 0:04.64 kjournald 794 root 16 -4 2004 384 380 S 0 0.0 0:00.80 udevd 1619 root 15 -5 0 0 0 S 0 0.0 0:06.52 kjournald 1620 root 15 -5 0 0 0 S 0 0.0 0:00.00 kjournald 1895 root 20 0 2004 632 588 S 0 0.1 0:00.10 syslogd 1898 root 20 0 1888 332 328 S 0 0.0 0:00.01 klogd 1906 rpc 20 0 2080 496 492 S 0 0.0 0:00.01 portmap 1924 root 20 0 2112 668 664 S 0 0.1 0:00.06 rpc.statd 1974 root 20 0 6700 612 608 S 0 0.1 0:00.02 sshd 2003 root 20 0 6700 592 588 S 0 0.1 0:00.00 sshd 2012 root 20 0 3276 624 620 S 0 0.1 0:00.02 xinetd 2035 root 15 -5 0 0 0 S 0 0.0 0:00.00 lockd 2036 root 15 -5 0 0 0 S 0 0.0 0:05.05 nfsd 2037 root 15 -5 0 0 0 S 0 0.0 0:04.40 nfsd 2038 root 15 -5 0 0 0 S 0 0.0 0:03.14 nfsd 2039 root 15 -5 0 0 0 S 0 0.0 0:06.24 nfsd 2040 root 15 -5 0 0 0 S 0 0.0 0:03.43 nfsd 2041 root 15 -5 0 0 0 S 0 0.0 0:02.86 nfsd 2042 root 15 -5 0 0 0 S 0 0.0 0:05.15 nfsd 2043 root 15 -5 0 0 0 S 0 0.0 0:06.76 nfsd 2046 root 20 0 2356 668 576 S 0 0.1 0:00.11 rpc.mountd 2078 root 0 -20 53616 6204 3300 S 0 0.6 0:50.09 masterd_core
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
11-02-2018
10:58 AM
|
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks