This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About AlexHalbarth
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About AlexHalbarth
10-02-2023
2Posts
0Likes
0Solutions
Oct 02, 2023Last Visited
User
Activity
User
Profile
Latest posts by AlexHalbarth
| Subject | Views | Posted |
|---|---|---|
| 749 | 04-11-2023 09:07 AM | |
| 648 | 01-31-2023 06:12 AM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 1 Like | |||
| 24 Likes | |||
| 3 Likes |
User Badges
Community Statistics
| Member Since | 03-26-2021 04:58 AM |
| Date Last Visited | 10-02-2023 09:25 AM |
| Posts | 2 |
04-11-2023
09:07 AM
Hello,
Due to the recent announcement of discontinuing the Sophos UTM/SG Firewall many customers are seeking alternatives.
It would be great to be able to migrate configurations from the old Sophos/Astaro Firewalls to Palo Alto Networks Strata NGF
This would provide the potential customers a benefit in an even easier migration to the PA-400 series, which in turn brings the customer enhanced security. By using the more advanced features in the policy optimizer and Expedition, the configuration could be enhanced even further.
A lot of customers will probably choose to stay at the vendors that provide an easy migration path for their legacy Sophos products, instead of switching to PAN to receive better security.
Is there a migration planned on the roadmap or are there any guides available for switching?
Thanks for the help and kind regards,
Alexander
... View more
01-31-2023
06:12 AM
Hello,
We are currently using Expedition 1.2.49 with a PanOS 11 Firewall and we are sending the logs to the Expedition Server via Syslog.
After some initial hiccups with setting up the Firewall for Syslog recieving, which we solved ourselves by enabling syslog via iptables (this should be added to the LogAnalysisGuide):
sudo iptables -I INPUT 1 -p udp --dport 514 -j ACCEPT sudo iptables -I INPUT 1 -p tcp --dport 514 -j ACCEPT sudo sh -c "iptables-save > /etc/iptables/rules.v4"
In the current Expedition version we are running, it seems that the PanOS log format is only detected when there is a specific header in the CSV file on the first line. This is not the case for syslog files, therefore the detection logic with regex (that is implemented in discoverTrafficVersion in the /var/www/html/libs/file_functions.php File ) is not working and is showing unsupported. The regex for PanOS 11 is completely missing in this file.
If you manually add the header for version 11.0.0 to the traffic log files found in /var/www/html/libs/file_functions.php , the detection is working fine:
Due to this version detection not working, the ML "fails", since it will never find logs that are in a supported format and it will not process any logs. Therefore /tmp/ error_logCoCo will show no files that are processed, since unknown versions, are not added to the log output (It took us a while to get this info).Therefore it will always look like as if ML is not finding any logs, even though they are there and in the correct folder, permissions are correct and so on.
As a workaround we manually edited the PHP file, to mark the version as 11.0.0 instead of unknown.
Is there a timeline when PanOS 11 will be fully supported in Expedition?
Thanks and kind regards
... View more
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks