This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About brucegarlock
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About brucegarlock
08-04-2020
20Posts
1Like
0Solutions
Aug 04, 2020Last Visited
User
Activity
User
Profile
Latest posts by brucegarlock
| Subject | Views | Posted |
|---|---|---|
| 5195 | 04-23-2020 02:18 PM | |
| 4777 | 12-21-2019 05:35 AM | |
| 4845 | 12-20-2019 11:55 AM | |
| 2142 | 01-30-2019 06:25 AM | |
| 2641 | 11-20-2017 08:31 AM | |
| 95416 | 09-02-2017 07:25 AM | |
| 4386 | 05-16-2016 02:45 PM | |
| 4071 | 04-05-2016 01:29 PM | |
| 4087 | 04-05-2016 12:38 PM | |
| 3517 | 02-16-2016 02:37 PM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 04-05-2016 12:38 PM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 3 Likes | |||
| 4 Likes | |||
| 1 Like | |||
| 7 Likes | |||
| 3 Likes |
User Badges
Community Statistics
| Member Since | 04-13-2015 01:39 PM |
| Date Last Visited | 08-04-2020 01:56 PM |
| Posts | 20 |
| Total Likes Received | 1 |
04-23-2020
02:18 PM
We're running into this issue on 8.1.13. We had been using a Covid-19 EDL that mined all the new domains being bought up and sitting idle until the time is right to start using them for malware delivery. We have an 820, so the list capacity is currently 50,000 URL's. Well, the domain list is already at 50k+ so our Dataplane memory is at 100%, and we can't commit. I'm working with support, and I even truncated the list to 1/2, and I still can't get it to commit. I have a move to 9.0.7 on my radar, and that will give us 100k URL support, so maybe I'll pull the plug on that. It seems that the 9.x code should be stable by now. We're active/passive so I am going to see how our passive handles the 9.0.7 version. There is a known issue with UserID not working properly until *both* firewalls have been updated, so that is causing me a little bit of worry, since we can't quickly test things until both FW's have been upgraded, so that makes for a longer possible maintenance window. When I set this EDL up a month ago, it was at about 13k domains - it's scaling up almost as fast as the medical cases! Maybe I'll put in a request with our SE to have PAN consider a special URL category for these domains.
... View more
12-20-2019
11:55 AM
I was at the Boston Fuel event, and one of the sessions the presenter said they could give us a URL for the new Bulletproof EDL listing (built-into PAN-OS 9.x). I'm not brave enough the deploy 9.x in Prod, so I was hoping maybe someone had the URL so I can create my own rule blocking these hosting providers that seem to harbor lots of malicious sites? https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-new-features/content-inspection-features/edl-for-bulletproof-isps
... View more
01-30-2019
06:25 AM
I'm looking for an EDL that would have all the free email services (@gmail.com, @yahoo.com, @hotmail.com, etc..) Is anyone aware of anything like this, that is maintained, or would we need to build something?
... View more
11-20-2017
08:31 AM
We are currently using User-ID to map users to IP addresses. It seems that there are three possible methods of preventing credentials from leaving a site, but I am not clear on which method is best. What are other folks doing? One of the methods involves spinning up a RODC, which seems to be the most accurate of the three methods, but there is cost with that one if you don't have licensing to cover that server. It's also another server to keep patched, so there's an on-going cost with that method. We have the licensing to spin up a RODC server, but I'm not sure if the Pro's outweigh the Con's with that choice. I'm interested in hearing what methods other people have used to implemented this very useful feature.
... View more
09-02-2017
07:25 AM
1 Kudo
Outstanding! I have been needing to do this for a while, and now I can give this process to a department manager to curate approved work-related YouTube videos by sharing the Playlist with them. This also gave me a chance to become familiar with MineMeld. Articles like this are very helpful.
... View more
05-16-2016
02:45 PM
According to Google, the only way to block access to consumer gmail accounts, is to intercept the traffic, and insert a HTTP header for all traffic going to google.com. Obviously PAN-OS can perform SSL inspection, but can it do the HTTP header insertion?
Here's Google's page on this: https://support.google.com/a/answer/1668854?hl=en
... View more
04-05-2016
01:29 PM
Brandon_Wertz I am jealous 🙂
I've started looking at my back-out plan, but you are right - I should just wait a bit and be patient. 🙂
... View more
04-05-2016
12:38 PM
1 Kudo
I'm eager to update, but feel the same way. Wait until 7.1.1 or later. There are a few things I really like:
* Commit Queues (commits take forever on our PA-500)
* GP for chrome
* Unified logs
* External Dynamic Lists
* PFS for SSL
We're not affected by any of the known issues. How safe do you think it would be to update now, versus waiting? We have a HA pair, so I could always upgrade one of them, and turn Off HA and see how things run.
... View more
02-08-2016
01:25 PM
I have (3) PA-500's, and the one thing I have noticed on all of them, is that it takes up to 10 min. to boot. It takes 15 min or longer if there is a new release being installed. What does the PA use for storage, and why does it take so long in this age of SSD and fast boot times?
Under the hood, it looks like it's running a customized version of Red Hat Linux, and being someone who has several RHEL servers that boot up in about 10 seconds, I'm wondering where the bottleneck is. Committing changes also takes a long time.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
08-04-2020
01:56 PM
|
Likes Given To
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks