About jvalentine

I know this is an old post, but I just ran into this problem as well. I have two Ring Cameras, one door bell cam and one stick-up cam in my backyard.   All of sudden, both cams stopped showing recorded images and the live feed didn't work. I did get motion alerts, but when I tried to click on live view the image just never showed up.   After some investigation, I found that RING was being stopped by threat prevention in the Palo. In the logs it appeared that there were to instances of calls being made from the inside that hit the Threat policy.   Suspicious TLS Evasion Found on port 443 and Microsoft Communicator INVITE Flood Denial of Service Vulnerability on port 15063   Both of which where informational. To mitigate this I created a new Security Profile where I removed dropping packet that where on informational nature and added that to a policy that matched the predefined RING application.   Once that was done, all feeds and events came right back up. ... View more

Were you able to make the firewall trigger the 33020 signature and therefore trigger the 40021 to block the MS-RDP brute-force?   I have a similar setup at one of my customers site - configured a top-level rule to allow RDP to a specific terminal server, assigned vulnerability profile to block-IP anything in category brute-force, created exceptions for 33020 (changed action to alert) and 40021 (lowered the default value of 40021 from 8 req per 100 sec to 5 req per 100 sec).   I am seeing the ms-rdp requests in Traffic log with action allowed but there is nothing in the Threat log. This is overloading the terminal server making the valid users unable to connect.   Thanks. ... View more

Hi @MP18, I'm trying to understand the best option when putting 2 x PA NGFW's in Active/Passive, each with Vwire's between a Check Point 2-Node Active/Passive Cluster and 2 x L3 Switches.  My specific concern was how the Active PA NGFW would follow the Active Check Point Cluster Node in a fail-over event.  My concern quickly switched however when VSLS was enabled to make the Check Point Cluster Active/Active.  Now I am trying to understand the implications of PA Active/Active Vwire's in a failure scenario. My backup plan is no HA with TCP syn check disabled and to be honest will most likely be the chosen option as we're in emergency response mode for this work. Thanks Ben ... View more

@Todd_Benshoof  this sounds pretty straight forward, do you have a network design?   if you have all L3 (sub)interfaces, and they're all in the same VR, routing will happen automagically (the routing table will be populated with 'connected' networks and route from the get-go)     ... View more

its solved, introducing contrl+v and then ? , its working fine ... View more

@jvalentine   Thanks for your response !!   I have checked the same prior but will recheck it again and let you know the status.    Best Regards, Sahul Hameed  ... View more

Depends on your definition of "support".    My understanding is that today, if you use 0x88A8 ethertype, PAN-OS will treat that as an unknown ethertype and the traffic will receive the same action as any other non-IP protocol (ie: v-wire/L2 will flood w/o setting up flows).  In 8.0, PAN-OS gained the ability to block this using Zone Protection.  There is some limited support when using nested 0x8100 tags, but only for using the outer VLAN.     If you're looking for more functionality than this, please contact your Palo Alto Networks SE and request to be added to the QinQ feature request, along with the specific functionality required.   ... View more

OK. Turns out you can use the variable directly in the a href code as per below:     <a href="mailto:helpdesk@yourdomain.com?subject=URL%20Blocked&amp;body=I'm%20having%20trouble%20accessing%20the%20following%20URL.%0A%0AURL%3A%20<url/>%0ACategory%3A%20<category/>">email helpdesk</a>   When the link is clicked on, it resolves the variables as part of the url and the result is below.   ... View more

Any luck getting this to work? ... View more

Hi @jvalentine   As per the link https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFCCA0   where do we need to run the commands? On Panorama or on the firewalls? ... View more

Along with these classes, you can prepare with online pracctice exams for better score. It will help you to score outstanding in PCNSE 8 exam    Nwexam is wellknown for providing robust online practice exams, reger given link to get complete detail --> https://www.nwexam.com/palo-alto/pcnse-network-security-engineer ... View more

It worked for me as well.  Thanks for posting your solution!  Objects->Applications->SIP->ALG->Customize->Disable ... View more

Not really. I added a serial port with default values in the virtualbox UI. That was all. ... View more

by   jvalentine on   ‎07-26-2017   08:05 AM I've done this successfully with SSH (and having the GlobalProtect client installed).  When I attempt to SSH to a particular server, the GP agent alerts with a message that MFA is required before gaining access.  I click and authenticate, and can then connect to the SSH server.  This single thread is nearly the only useful result of a search for MFA, SSH and Palo Alto    @jvalentine , How did you get this working? I can't seem to find any documentation on this and how to configure it.    We are being told that we must have MFA controlling our SSH access to the Palo Alto, and there is hardly any information on this.  We would be fine using Duo or YubiKey, GlobalProtect would work as an access point as we have also been told that we need to limit SSH from all systems that are not fully FIPS-compliant, which the VPN clients would be as the Palo is in FIPS mode.   So, in order to access our Palo over SSH we would be connecting to the VPN using GlobalProtect, and then if configured correctly GP would prompt us for our MFA creds, either Yubikey cert/pin or Duo?     Thanks in advance for any information anyone can provide on this.   ... View more

Thanks @vsys_remo for chiming in and answering #2.  I will be reaching out to you to get you a reward for helping out. ... View more

@ice-quake, Yes. For example if I make an app called 'WSL-Slate', I'll need a security policy that actually allows my users to access this 'WSL-Slate' application.  ... View more

Thank you gwesson for the detailed description. I will have a deeper look into it at different Pan-OS versions.   Best regards, Andreas ... View more

Agree that is ugly and non-standard.   Bear in mind that when you leave the company when your replacement sees this they will curse your name forever.  Assuming they can even figure out why it works.   ... View more

What will happen when arp expire after 30 min. I could not see palo alto sending arp towards ISP  ... View more

@sidalpha2000, Can you rephrase your question a little bit. Not sure what you are actually asking here.  ... View more

Just experienced this today after having setup DNS proxy on 8.1.1 in my home network.   If you enable TCP queries on your DNS proxy setup Netflix works as normal (at least it did for me with my Apple TV). ... View more