This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About obor
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About obor
10-24-2016
9Posts
0Likes
1Solution
Oct 24, 2016Last Visited
User
Activity
User
Profile
Latest posts by obor
| Subject | Views | Posted |
|---|---|---|
| 2438 | 09-24-2014 02:32 AM | |
| 2541 | 09-23-2014 12:03 AM | |
| 3018 | 09-04-2013 03:11 PM | |
| 3018 | 09-04-2013 02:14 AM | |
| 3127 | 09-04-2013 01:20 AM | |
| 3261 | 09-04-2013 12:55 AM | |
| 2802 | 08-01-2013 03:37 AM | |
| 1815 | 12-06-2012 01:01 AM | |
| 1545 | 09-24-2012 04:49 AM |
User Badges
Community Statistics
| Member Since | 06-18-2012 01:43 PM |
| Date Last Visited | 10-24-2016 10:27 AM |
| Posts | 9 |
09-24-2014
02:32 AM
Hulk, Yes it correct what your saying and with the answer of ssharma it looks like this now: --- URL filtering database ( Bright Cloud or PAN DB) for categorization. --- Application & Threat database & PAN DB for Vulnerability/DNS signature checking. --- Antivirus database for virus /ANtispyware checking. Regards, Osman Bor
... View more
09-23-2014
12:03 AM
We are using the BrightCloud URL DB for URL Filtering. Last week we had discovered an issue that users can’t access the URL http(s)://www.haalmeeruitjecard.nl Searching the PaloAlto we see that is not blocked by the URL Log. BrightCloud says as URL Category “business-and-economy” and that is allowed. Still the session can’t be setup and we did not see any block page at all. Further looking we discovered that is blocked by the Anti-Spyware Rule with the Suspicious DNS Query action. We block Suspicious DNS Query query’s. In the Thread log was reported : Suspicious DNS Query (www.haalmeeruitjecard.nl)!! Uuh this is a normal site here in the Netherlands. So is it the Threat DB that this is causing??? NO, found out that the URL is marked in the PAN-DB Url Database as malware. Requested a change for Pan-DB and after this was changed we had no more Suspicious DNS Query’s for this url. URL: www.haalmeeruitjecard.nl Previous category: malware You suggested: financial-services New category: financial-services The new categorization is available starting with URL DB version: 2014.09.22.221 Does this mean that the PaloAlto Device is using both URL database’s to provide protection? Is it than maybe better to migrate to PAN-DB URL Database so that all information is provided from 1 DB? Thanks for your responses. Osman Bor
... View more
09-04-2013
03:11 PM
yes, we are running version 391. But we managed To gather more info and we only see these log when users visit the salesforce.com website. Salesforce is an appid, and no salesforce app detection but SSL app detection and wrong URL and category. maybe this info can help.
... View more
09-04-2013
02:14 AM
yes, these sites are still categorized as "private-ip-addresses" with in version 391. I have already cleared my url cache and dynamic host cache.
... View more
09-04-2013
01:20 AM
I was aware of the problems with 390 and a few hours ago we have upgraded to 391 and we have still these url logs. Thats why i posted this to ask if more people have the same issue. So it seems that 391 is still having this issue. Thanks for all responses.
... View more
09-04-2013
12:55 AM
What's wrong with the URL filtering and logging of the PaloAlto FW? We have many URL logs like '%16%03%01/' when users visit SSL websites. Is URL detection for SSL websites broken? Are there other users who have this problems? We are not 100% sure but it seems this log happens only when Internet Explorer 8 is used. But still investigating Regards, O. Bor
... View more
Labels:
- Labels:
-
Troubleshooting
08-01-2013
03:37 AM
Hello, We are running version 5.0.6 for a few weeks now and looks very good. We see now also in our threat detection the following threat "Suspicious DNS Query : ......" and this is blocked. This is very cool to block at dns level spyware and malware but the disadvantage of this is that the source client ip address is always your DNS server. So you need to look in to your logs of your DNS Server to find out the infected client. But if you have a distributed DNS infrastructure and many DNS Servers spread over several location in Europe then this a hard job to do. Why is it not possible to redirect Suspicious DNS Query's to a honeypot IP address so you can then detect the real client's ip address? Maybe a future request!! Or does someone have a better idea how to deal with this issue? maFor us monitoring all the DNS servers log is not a option because we have so many DNS Servers spread over many locations. Regards, O. Bor
... View more
12-06-2012
01:01 AM
Hi, I was wondering if there are any plans or a method how to detect Office 365 traffic? We have no URL scanning license on the box, so we depend on the App detection method. Because all traffic is a SSL connection, PaloAlto reports the traffic as general SSL Application. Many thanks for any suggestion about my issue.
... View more
Labels:
- Labels:
-
App-ID
09-24-2012
04:49 AM
Hi, The new ntlm url is http://firewall:6080/php/ntlm.php?vsys=1 Cheers
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
10-24-2016
10:27 AM
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks