Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- App-ID
- Content-ID
- User-ID
- 5G
- IoT Security
- Cloud Identity Engine
Network Security
- Prisma Access
- Prisma Cloud
- Prisma SD-WAN
- CN-Series
- VM-Series:
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
Security Operations
- Resources
- COVID-19 Response Center
About nsendelbac
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- LIVEcommunity
- About nsendelbac
Wednesday
15Posts
0Likes
0Solutions
Jun 09, 2021Last Visited
User
Activity
User
Profile
Latest posts by nsendelbac
| Subject | Views | Posted |
|---|---|---|
| 4622 | 07-18-2019 07:23 AM | |
| 4692 | 07-15-2019 11:39 AM | |
| 4763 | 07-10-2019 12:13 PM | |
| 1447 | 06-21-2019 08:25 AM | |
| 914 | 03-07-2019 07:55 AM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 2 Likes | |||
| 3 Likes | |||
| 2 Likes | |||
| 2 Likes | |||
| 2 Likes |
User Badges
Community Statistics
| Member Since | 04-30-2015 02:06 PM |
| Date Last Visited | Wednesday |
| Posts | 15 |
07-18-2019
07:23 AM
I set up a test and found out a custom App-ID containing tcp/udp dynamic, and a signature looking for user-agents, will match on traffic on destination ports below 1024, 80 and 443 in this case. So it seems that dynamic refers to all ports. The question now is why the apps I mentioned specify specific ports AND a tcp/dynamic port reference at the same time, if dynamic means all ports? Doesn't make sense.
... View more
07-15-2019
11:39 AM
Thanks for the reply. If dynamic refered to all ports, that would not explain why many apps have specific ports listed, as well as tcp/udp dynamic. If dynamic covered all ports, it would be redundant to include others in the same app. e.g. Access-grid tcp/80,8000,20000,20200,dynamic, udp/dynamic apple-appstore tcp/80,443,dynamic baidu-hi-base tcp/443,80,6453,dynamic, udp/2400,2500,dynamic avaya-webalive-base tcp/dynamic, udp/7878,2379 condor tcp/dynamic, udp/9600-9700 Since for each app some ports are explicitly listed and others are dynamic it makes me think that the dynamic range is a common range that an app could select a port from, such as 49152-65535. I believe that the app was observed using the specified ports each session, but different random port(s) established per session as well, from an upper-range that could be 49152-65535 or even 32768-61000. I wonder why there's nothing in the documentation that covers this topic.
... View more
07-10-2019
12:13 PM
I'm looking for a definitive answer on what port range "tcp/dynamic" and "udp/dynamic" uses. I would figure that it is 49152-65535, but I have not been able to locate anything in documentation or the community to confirm this.
... View more
06-21-2019
08:25 AM
The following KB article states that the File Blocking rulebase is not top-down but based on action precedence. The article fails to mention anything on the function of the application column with regard to processing logic: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGeCAK If for instance, I have a security rule that allows any application, and in the attached File Blocking profile I have a "Block Webmail EXE" rule that blocks on .exe file types, and has Gmail configured in the application column. Next I have a "EXE Alert" file blocking rule that alerts on .exe file types and has "Any" application specified. According to the above article, if a file type matches multiple File Blocking rules, the rule with the highest precedence action will win (block in this case). But what about the application column? If the application being used is web browsing and the "Block Webmail EXE" rule is only configured for Gmail, would it still block the file? Or would it recognize that this session is Web-Browsing, not Gmail, and match instead on the other "EXE Alert" rule?
... View more
- Tags:
- file blocking
03-07-2019
07:55 AM
Sure, you could add web-browsing, but then the file blocking profile would apply to much more traffic than the webmail apps I'm trying to alert/block on. I suppose a workaround would be creating a seperate security policy with only the webmail apps specalong with a seperate file blocking profile for it and select 'any' apps in the file blocking profile. Still wondering why there is a limited subset of apps within file blocking profiles though.
... View more
03-04-2019
01:43 PM
What is the reason that the Applications field within File Blocking Profiles only allow a subset of all applications? For instance, I have a file blocking profile that alerts on several file extensions for webmail applications I've specified, and I'm trying to add meetup-email, startmail, and zimbra, but these are not available. I thought perhaps the file block profiles only allow applications that have the "Capable of file transfer" characteristic, but all the apps I've mentioned have it.
... View more
02-27-2019
02:10 PM
ShiemB, If you're trying to get into Palo Alto I'd focus on networking and cyber security courses, and less so on Microsoft. A good start would be the PCCSA, as its at the Security+ level, but with PAN-specific information, followed by the PCNSA. I would certainly recommend CCNA and CCNA Security for the foundational networking knowledge. CEH would be useful to get a solid understanding of the attacker POV and the type of things we are trying to prevent with the PAN platform. AWS has a well-developed certification program, and since PAN products are deployable into clouds like AWS/Azure/Google Cloud, having an understanding of the cloud would set you ahead. Nick
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
Wednesday
|
LEGAL NOTICES
Copyright 2007 - 2021 - Palo Alto Networks
