Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- App-ID
- Content-ID
- User-ID
- 5G
- IoT Security
- Cloud Identity Engine
Network Security
- Prisma Access
- Prisma Cloud
- Prisma SD-WAN
- CN-Series
- VM-Series:
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
Security Operations
- Resources
- COVID-19 Response Center
About Quinton
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- LIVEcommunity
- About Quinton
09-12-2016
66Posts
17Likes
2Solutions
Sep 12, 2016Last Visited
User
Activity
User
Profile
Latest posts by Quinton
| Subject | Views | Posted |
|---|---|---|
| 2349 | 02-12-2015 02:49 AM | |
| 2349 | 02-05-2015 08:06 AM | |
| 2232 | 08-04-2014 09:48 AM | |
| 2232 | 08-04-2014 05:00 AM | |
| 2232 | 08-04-2014 03:11 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 03-13-2013 12:39 PM | |
| 1 Like | 06-19-2013 12:26 PM | |
| 1 Like | 09-12-2012 11:44 AM | |
| 1 Like | 09-15-2012 11:24 AM | |
| 1 Like | 03-06-2013 12:41 AM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 3 Likes | |||
| 3 Likes | |||
| 2 Likes | |||
| 4 Likes | |||
| 1 Like |
User Badges
Community Statistics
| Member Since | 04-16-2012 02:33 AM |
| Date Last Visited | 09-12-2016 02:13 AM |
| Posts | 66 |
| Total Likes Received | 17 |
02-12-2015
02:49 AM
Wireless is no problem. Are these devices part of the Windows domain?
... View more
02-05-2015
08:06 AM
Sounds like the user is caching out. Nothing to do with the application. I'm assuming these computers are part of the domain since you do pick up the user initially through the user-ID agent. Did you enable "Server session monitoring" in the userID agent? Also is WMI probing enabled and working? Both these mechanisms will help keep the user to IP mappings fresh.
... View more
08-04-2014
09:48 AM
I've tried creating a custom app as well. It seems like the built-in app-ID protocol decoders identify the application first and then skips my custom application all together. I guess the sequence of matching applications is first the pre-defined application database, then unknown apps are matched against any custom defined applications. App override works but that opens a huge whole in firewall by disabling DPI on the port range specified.
... View more
08-04-2014
05:00 AM
If I'm not mistaken, technically a custom vulnerability signature should work regardless of source and/or destination ports. Key variable here is source IP which is constant (customer). Basically a security rule is created with the application specified as "bittorrent". The packets are handed over for content checking (vulnerability profile) once the rule matches a bittorrent session. So the custom vulnerability signature only checks the packets for the pattern specified in the custom vulnerability signature. It does not look at ports at all in the signature. So the action of the custom vulnerability filter (combination) is based on how many times the pattern was seen in x amount of time. The missing ingredient is access to the p2p context in the pattern match criteria in the PAN Web interface.
... View more
08-04-2014
03:11 AM
Thanks Phil. What about only allowing bittorrent on a set amount of ports (<customer src ip>:[50000-55000]) and then do DOS on that? Kinda forces the torrent clients into a manageable "space"? QoS will work to a certain extent. You can still hit extremely high session counts on very little bandwidth. For example I can saturate the session table on a PA3020 with a 100 x 1Mbps customers all running bittorrent. Even if you QoS it down to 50Mbps or less on the PAN. QoS will drop individual packets in a session, but the sessions will stay open which is the problem. I'll check into caching out the bittorrent sessions quicker. Very seldom that a session idles in bittorrent. Caching out the sessions earlier might increase the TCP chatter of the bittorrent protocol trying to reestablish closed sessions.
... View more
08-01-2014
12:58 AM
Hi devcenter I've been reading the document on Application DDoS mitigation techniques using vulnerability signatures ( Application DDoS Mitigation ). I've been experimenting with the concept of "session limiting" bittorrent connections in this manner. I can't get my signature to match though. Guessing it is because I need to use a p2p context in the signature and not unknown? Is there any way to get this to work? Or maybe some other technique that can be used to "session limit" bittorrent connections, not QoS using bandwidth statements. From an ISP perspective it would be advantageous to be able to "session limit" bittorrent connections using PAN - i.e. limit amount of active bittorrent sessions per ISP customer source IP. Bittorrent connections from a hundred odd customers each with couple Mbps per WAN link floods the session table on the PAN at very very low throughput. Almost 90% of the time the session table is filled with 80% bittorrent connections ("show session all filter count yes application bittorrent").
... View more
02-06-2014
01:34 AM
I'll have a look at ms.log next time when I see the issue again. Thanks
... View more
01-30-2014
09:51 AM
So far so good. Seems pretty solid. Only issue I found thus far is the dynamic content error when upgrading from 5.x to 6.0. The dynamic content page gives an error and it does not scan traffic for threats.
... View more
01-30-2014
09:46 AM
Getting the same issue. Had it at two sites already. I manually upload and install the content package and leave the firewall for a bit. It seems to come right by itself... Nothing else worked
... View more
11-18-2013
04:52 AM
What happens in the following situation: 1) Client goes home and connects via wireless to his wifi network at home 2) GP automatically establishes a VPN to the office and sets the GP tunnel as the default route (0.0.0.0/0 -> GP tunnel) 3) Client now connects a 3G dongle to his laptop and establishes a 3G connection. The 3G connection now installs a 0.0.0.0/0 -> 3G This would allow the client to access the internet without going via GP?
... View more
08-15-2013
11:09 AM
Work perfect thanks
... View more
08-15-2013
09:26 AM
Does anybody know what the commands are to view the current settings?
... View more
06-25-2013
06:38 AM
Sorry was in response to your statement " Syslog server isn't a problem but as I remember that API uses administrator provilages of PAN, I wouldn't share that credentials ". I don't think you need PAN credentials if you use the user-id agent. The firewall API requires an username and password to upload user mappings. The software user-id agent running on a windows PC does not need PAN admin credentials to upload user mappings. You only need to configure the connection between the user-id agent and the firewall. The script extracts user to IP mappings and injects it to the user-id agent running on windows. Hope my explanation makes sense
... View more
06-25-2013
06:01 AM
You could use user-ID XML API of User-ID agent on a windows PC?
... View more
LEGAL NOTICES
Copyright 2007 - 2021 - Palo Alto Networks
