Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- 5G
- IoT Security
- Prisma SD-WAN
Network Security
- Prisma Access
- Prisma SaaS
- Prisma Cloud
- CN-Series
- VM-Series:
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
Security Operations
- Resources
- COVID-19 Response Center
- LIVEcommunity
- ›
- About PeterT
About PeterT
Announcements
Changes to the LIVEcommunity experience are coming soon... Here's what you need to know.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
08-26-2020
27Posts
4Likes
1Solution
Aug 26, 2020Last Visited
User
Activity
User
Profile
Latest posts by PeterT
| Subject | Views | Posted |
|---|---|---|
| 364 | 08-04-2020 06:09 PM | |
| 3512 | 04-11-2019 05:26 PM | |
| 3548 | 04-03-2019 08:54 PM | |
| 3556 | 04-03-2019 05:08 PM | |
| 2385 | 11-21-2018 01:38 PM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 2 | 06-19-2017 07:23 PM | |
| 1 | 09-20-2016 03:02 PM | |
| 1 | 05-08-2017 08:22 PM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 1 | |||
| 2 | |||
| 2 | |||
| 1 | |||
| 2 |
User Badges
Public Statistics
| Date Registered | 06-17-2014 05:48 PM |
| Date Last Visited | 08-26-2020 03:20 PM |
| Total Messages Posted | 29 |
| Total Likes Received | 4 |
08-04-2020
06:09 PM
Anybody figured out a the magic combo to get Google Earth (Pro) not to warn on startup with SSL Decrypt? Before you ask "yes" SSL decrypt is working no errors or warnings in browsers (i.e. CA's in trust store) and yes I thought about the ICA issue and imported the GTS CA 1O1 cert on the off chance that was the issue. Any other ideas outside "bypass or ignore it". Google Earth (Pro) the only Google app/suite I'm still having issues with here.
... View more
04-11-2019
05:26 PM
So I'm reading that but not groking the flow exactly even the detailed one. Let me walk you through where my brain is going and ask you clarify: On your first rule it would seem to me that it would allow the source to access the entire web as well including non-MS updates since "web-browsing" is an implicit dependencie of ms-updates (show predefined application ms-update) though I'm not going to lie, my brain has had a hard time groking implicity-use and use applications when it comes to rule evaluation. So my source going to playboy.com would be allowed I assume because of the URL filter "any" coupled with the implicit-use web-browsing for the ms-update application-id, i.e. I feel you still need the the URL filter rule even w/ application=ms-update because of that. Lets take that a step farther, lets say rule1 = "deny application=ms-update url=windows-update" and rule2 = "allow application=ms-update url=any", in that scenario which rule triggers if I send ms-update to "ninja.com"? Does rule1 trigger because ms-update ignores URL categories regardless of implicit-use so denies it simply based applicatoin-id or does rule2 trigger because implicit-use will get it past rule1? What I'm trying to figure out (and I can't tell even from the detailed) is the interaction between URL category and application, i.e. are they treated independent of each other (i.e. can I use a URL category w/ app-id SSH for example to block a FQDN) or is URL category a subdependency ONLY of the single application web-browsing and use with any other application (even implicity-use) ignores it.
... View more
04-03-2019
08:54 PM
Will test it out tomorrow and cool as a practical matter but any ideas or can point a doc that explains the interaction and OOP between services and url filtering or hell how URL filtering even works in details .. would help with other issues down the road I think.
... View more
04-03-2019
05:08 PM
So let me start here fundementally all I'm trying to do is something like "Computer Y can access MS updates and nothing else" and my three pointers were: https://live.paloaltonetworks.com/t5/General-Topics/Security-Policy-with-Service-URL-category-configuration/m-p/233176#M66885 https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClbvCAC https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClHXCA0 Also as an asside let me say 1) i really hate how often PA KB's conflict each other or do things differently, i.e. is it really that hard to deconflict (i.e. check the URI's listed; yes I understand somebody just went * for one of them) and 2) Why people never do anything in Panorama as it makes following examples / screenshots a PITA; like simpy show/list both ways. Anyways generally speaking what I want to know, and a search didn't really say anything, is exactly when does URL filtering kick in. Does it kick in after a Service="ssl" or Service="web-browsing" match? Does it kick in regadless of service context the first time it thinks it sees HTTP (or HTTPS)? Basically what is the interaction between "service" and "URL categories". For example if I say "service=web-browing deny; URL Catgory=allow list google.com" does it still let me to google? If say "service=webex allow; URL Category=webex_category deny" does it allow webex.com or not? The specific interaction between those two times when licensed for both is pretty unclear to include OOP. What if I HTTP to a non-standard port, does URL filtering still kick in if it sees HTTP on port 48123? etc. Like I get the context of URL filtering IF service=web-browing (or service=ssl) when they are complimentary but not when it's they are dependency services or the OOP interactions when they conflict. Fundementally in Panorama (to the point) I assume I'm just making a rule that says "allow service=web-browsing/ssl; block-categories all (67) allow list *.microsoft.com" which should work as long service doens't override it. Either way documentation on this could be clearer. Lastly (since I'm here) do you EVER have to update the PAN-DB URL FIltering database (Device->licenses) or is this just a one time thing when you first activate your license never to have to do it again until it expires or you wipe the box? It's the only license with an active/download status field hence I've always wondered on that given I can always 'download now' which I find odd as it suggetts it's something you may need to occasionally do but at the same time, it's not a dynamic update. I assume it just autoupdates somehow or it queries real time? LIke I've never understood on teh URL filtering side how those updates are handled.
... View more
11-21-2018
01:38 PM
@Brandon_Wertz Actually it's the opposite, I'm trying to white list Google hence the problem. @BPry I've thought about that but never seen any good documentation on MindMeld especially for WhiteListing, not black plus last time I attempted to install it; some years ago, I think we ran into a problem where either it didnt' work with RHEL -OR- it didn't work with RHEL in FIPS mode but that was some years ago so maybe it doesn't hold true anymore. Still I'm not adverse to labbing this, you got a link to a URI with a similiar setup / walkthru?
... View more
11-19-2018
02:34 PM
Correct; google 1e100.net as *.*.*.26 and *.*.*.27 addresses from thousands of blocks and they expand/contrast daily. Not really an issue for pre-defined google apps signatures but for raw SMTP this is an issue.
... View more
01-22-2018
03:13 PM
Just an update for anybody who stumbles across this post like I did but since PANOS 6 Panorama will both forward Panorama events to a SIEM AND also send all the logs it receives from the various PA systems as well, i.e. act as a log aggregrator and forward. What I don't know, and I bet you can't, is ONLY send the Panorama logs and not the aggregate logs as support said " Panorama will forward whatever logs in the logdb, no matter it generated locally by Panorama itself or the log aggregated from FW, it will forwarded to the external destination." which suggests to me you can't and is a design flaw but oh well, it is what it is. For configuration see: https://www.paloaltonetworks.com/documentation/80/panorama/panorama_adminguide/manage-log-collection/configure-log-forwarding-from-panorama-to-external-destinations
... View more
06-19-2017
07:23 PM
2 Kudos
Since released back in 2012 some of these templates no longer work as Palo Alto has modified their OID's over the years. Attached is the PA-500 v1.1 template. http://forums.cacti.net/viewtopic.php?f=12&t=44560&p=267761#p267761 Would attach here but no idea how to attach a file in this forum
... View more
06-07-2017
02:51 PM
Found it in case anybody else ever runs into this. The "Device Grouping" view also changes the left hand menu as well, I didn't realize it was contextual; only though the information displayed on the side was device grouping dependent. So in my case I needed "All" because Panorama itself isn't a device which can be grouped
... View more
05-08-2017
08:22 PM
1 Kudo
Panorama 8.0.2 Both work via CLI, the question then (per screenshot above) where is it via the Web UI? I'm thinking possibly bug / call support on this one now lol.
... View more
05-04-2017
01:09 PM
@reaper That makes no sense given I'm logged on as the "superuser" on the Panorama 🙂 .. i.e. have rights to everything, I just don't have rights to the Arcsight SIEM where the remote logs are dumped 😉 . I should still be able to see the panorama local access logs though IMHO as would be a wierd situation where the panorama superuser could see the logs on the FW's (which I can) but not panorama itself
... View more
05-03-2017
02:06 PM
reaper: Yes though I assume it still keeps local logs (as I don' t have access to where the logs are actually forwarded to; don't ask, org politics)
... View more
05-03-2017
02:05 PM
Raido: LOL I don' t even have that option on my Panorama system (though I do on my PA's):
... View more
05-02-2017
02:12 PM
In Panorama where are the adminsitrator access logs? I.e. if I want to see when a adminsitrator user last accessed the system. I know where that is on the PA firewalls, but on Panorama??
... View more
- Tags:
- panorama
03-24-2017
01:48 PM
Anybody think of a situation where I would prefer a layer 2 connection over a vwire in a basic setup? i.e. [users]--[core switch]--[PA]--[router] Right now I have: ([switch] --VW--[PA]--VW--[router])x4 Moving (becuase of lack of PA support for LACP LAG's with VWire) ([switch] --L2--[PA]--L2--[router])x2 Only caveat is [switch] and [router] in one big HSRP cluster all interconnected with LAG's so not sure if the HSRP level stuff changes whether PA using L2 of VWIRE, i.e. setup is really [switch]x2 { HSRP } [router]x2 Not really looking for a conversation about HSRP, etc more just curious is there any situation where I would prefer a L2 relationship over a VWire?
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
08-26-2020
03:20 PM
|
Latest Blogs
Latest Posts
Copyright 2007 - 2021 - Palo Alto Networks
