About mrsoldner

mrsoldner There are few enabler applications that are allowed implicitly, meaning, you don't have to add them in the policy to allow them explicitly. I believe web-browsing and SSL fall under this list. This implicit allow was something that was introduced in PAN-OS 5.0 Below document might come in handy: How to Check if an Application Needs to have Explicitly Allowed Dependency Apps I am looking for the list of implicitly allowed enabler applications. If I find anything related, i will update this post Hope this helps. Thanks ... View more

So;  the fixes are not enough ? ... View more

If you like you can firewall the ASA Clients and TMG publication with vwire ... View more

rkra wrote: Is it possible to make a reverse DNS Query in reports to get Names instead IPs in report displayed? Roman If you are creating a custom report and just click "Run Now" it will give you IPs.  I believe if you do a scheduled report, it will provide any applicable DNS name. ... View more

Please note our new release. Version 458 Notes: Release notes for emergency content release for CVE-2014-6271 update and CVE-2014-7169 Thursday, September 25th, Palo Alto Networks became aware of additional vulnerabilities with the Bash shell utility. The fixes for CVE-2014-6271 were incomplete from Operating System vendors and there is a new vulnerability, CVE-2014-7169, that describes this issue. To address this new vulnerability, Palo Alto Networks is releasing an emergency content update that provides updated detection of both CVE-2014-7169 and the previous CVE-2014-6271 vulnerability with an update to the IPS vulnerability Signature ID: 36729 "Bash Remote Code Execution Vulnerability" with "Critical" severity and default action of "Alert". Please don't forget to mark this discussion as answered if we have addressed your concerns. ... View more

Hey Some more information on why default action is set to alert for POP3, IMAP and SMTP instead of block. * POP3/IMAP + block -> A virus mail will be blocked. BUT: You can not get a new email from this server until the virus email is deleted from the server. Because the whole POP3 session will be dropped each time you retry to retrieve you emails, since emails are not send separately with this protocol. * SMTP + block -> An SMTP 541 error message will be sent as part of the block action when a virus is detected. This will tell the mail server not to retry sending the message, allowing the firewall to drop the mail without the mail server trying to resend it. So I don't realy see why the default action would be just alert. I guess some smtp servers will not listen to these 541 error messages and keep resending the email... ... View more

Hello, Have you tried Policy based forwarding Rule for this traffic? Configure it such as all tcp/32400 traffic sourcing from Untrust to forward on the media server's interface. Let me know if that helps. Thanks, Aditi ... View more