cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

About nsendelbac

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
nsendelbac
‎05-28-2020
since ‎04-30-2015
L2 Linker
User Activity
User Profile
Latest posts by nsendelbac
View All
User Badges
Public Statistics
Date Registered ‎04-30-2015 02:06 PM
Date Last Visited ‎05-28-2020 12:00 PM
Total Messages Posted 15

Re: tcp/dynamic port range

by in General Topics
‎07-18-2019 07:23 AM
‎07-18-2019 07:23 AM
I set up a test and found out a custom App-ID containing tcp/udp dynamic, and a signature looking for user-agents, will match on traffic on destination ports below 1024, 80 and 443 in this case. So it seems that dynamic refers to all ports. The question now is why the apps I mentioned specify specific ports AND a tcp/dynamic port reference at the same time, if dynamic means all ports? Doesn't make sense.  ... View more

Re: tcp/dynamic port range

by in General Topics
‎07-15-2019 11:39 AM
‎07-15-2019 11:39 AM
Thanks for the reply. If dynamic refered to all ports, that would not explain why many apps have specific ports listed, as well as tcp/udp dynamic. If dynamic covered all ports, it would be redundant to include others in the same app.  e.g. Access-grid                 tcp/80,8000,20000,20200,dynamic, udp/dynamic apple-appstore            tcp/80,443,dynamic baidu-hi-base              tcp/443,80,6453,dynamic, udp/2400,2500,dynamic avaya-webalive-base  tcp/dynamic, udp/7878,2379 condor                         tcp/dynamic, udp/9600-9700   Since for each app some ports are explicitly listed and others are dynamic it makes me think that the dynamic range is a common range that an app could select a port from, such as 49152-65535. I believe that the app was observed using the specified ports each session, but different random port(s) established per session as well, from an upper-range that could be 49152-65535 or even 32768-61000.    I wonder why there's nothing in the documentation that covers this topic.  ... View more

tcp/dynamic port range

by in General Topics
‎07-10-2019 12:13 PM
‎07-10-2019 12:13 PM
I'm looking for a definitive answer on what port range "tcp/dynamic" and "udp/dynamic" uses. I would figure that it is 49152-65535, but I have not been able to locate anything in documentation or the community to confirm this.  ... View more

File Blocking rule logic

by in General Topics
‎06-21-2019 08:25 AM
‎06-21-2019 08:25 AM
The following KB article states that the File Blocking rulebase is not top-down but based on action precedence. The article fails to mention anything on the function of the application column with regard to processing logic: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGeCAK   If for instance, I have a security rule that allows any application, and in the attached File Blocking profile I have a "Block Webmail EXE" rule that blocks on .exe file types, and has Gmail configured in the application column.   Next I have a "EXE Alert" file blocking rule that alerts on .exe file types and has "Any" application specified.   According to the above article, if a file type matches multiple File Blocking rules, the rule with the highest precedence action will win (block in this case). But what about the application column? If the application being used is web browsing and the "Block Webmail EXE" rule is only configured for Gmail, would it still block the file? Or would it recognize that this session is Web-Browsing, not Gmail, and match instead on the other "EXE Alert" rule? ... View more

Re: File Blocking applications

by in General Topics
‎03-07-2019 07:55 AM
‎03-07-2019 07:55 AM
Sure, you could add web-browsing, but then the file blocking profile would apply to much more traffic than the webmail apps I'm trying to alert/block on. I suppose a workaround would be creating a seperate security policy with only the webmail apps specalong with a seperate file blocking profile for it and select 'any' apps in the file blocking profile.    Still wondering why there is a limited subset of apps within file blocking profiles though.  ... View more

File Blocking applications

by in General Topics
‎03-04-2019 01:43 PM
‎03-04-2019 01:43 PM
What is the reason that the Applications field within File Blocking Profiles only allow a subset of all applications? For instance, I have a file blocking profile that alerts on several file extensions for webmail applications I've specified, and I'm trying to add meetup-email, startmail, and zimbra, but these are not available.    I thought perhaps the file block profiles only allow applications that have the "Capable of file transfer" characteristic, but all the apps I've mentioned have it.  ... View more

Re: Security +

by in General Topics
‎02-27-2019 02:10 PM
‎02-27-2019 02:10 PM
ShiemB,   If you're trying to get into Palo Alto I'd focus on networking and cyber security courses, and less so on Microsoft. A good start would be the PCCSA, as its at the Security+ level, but with PAN-specific information, followed by the PCNSA. I would certainly recommend CCNA and CCNA Security for the foundational networking knowledge. CEH would be useful to get a solid understanding of the attacker POV and the type of things we are trying to prevent with the PAN platform. AWS has a well-developed certification program, and since PAN products are deployable into clouds like AWS/Azure/Google Cloud, having an understanding of the cloud would set you ahead.    Nick ... View more
Ask Questions Get Answers Join the Live Community
Contact Me
Online Status
Offline
Date Last Visited
‎05-28-2020 12:00 PM
Likes Given To
Latest Blogs
Latest Posts
Privacy Policy Terms of Use
Copyright 2007 - 2020 - Palo Alto Networks