This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About mitre10
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About mitre10
12-12-2022
3Posts
1Like
0Solutions
Dec 12, 2022Last Visited
User
Activity
User
Profile
Latest posts by mitre10
| Subject | Views | Posted |
|---|---|---|
| 1707 | 03-03-2016 03:46 PM | |
| 1829 | 02-25-2016 07:54 PM | |
| 3295 | 11-24-2015 06:36 PM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 03-03-2016 03:46 PM |
User Badges
Community Statistics
| Member Since | 11-24-2015 05:28 PM |
| Date Last Visited | 12-12-2022 09:10 PM |
| Posts | 3 |
| Total Likes Received | 1 |
03-03-2016
03:46 PM
1 Kudo
Thanks for the detailed reply Luciano. I'll do some further work on this based on you advice. Appreciate it!
... View more
02-25-2016
07:54 PM
We've been having some issues with websites like DropBox, Hightail etc since configuring SSL Decryption. I believe this relates to a security technique called "Certificate Pinning". I've resolved the issue by adding the "Online Storage & Backup" URL category into a no-decrypt policy but it concerns me that opening up the entire category is a risk and could result in unwanted content entering our network.
We have a large number of suppliers who send product related files to us using applications like DropBox but because they don't use a common platform these files can come from a number of different file sharing sites. This makes it tricky to use a custom URL category. Additionally there are a high number of internal users who need to access the files for download. So restricting access down to a select few isn't going to work.
I'd like to find out if others have had this issue and how they mitigated the risk. I don't think I'm going to be able to eliminate the risk but if I can reduce it then I will be much happier.
I'm still only fairly new to PA's so maybe just my inexperience is not allowing me to resolve this.
Appreciate anyone's thoughts!
Thanks!
... View more
11-24-2015
06:36 PM
I have a perplexing problem with allowing DNS traffic from internal to the internet on our new PA-3020 running 7.0.3.
We have 2 DNS servers in our datacentre on the same subnet that perform queries to a couple of external DNS servers provided by our telco.
I have a rule allowing traffic from the 2 IP's (Internal Zone) for our DNS servers out to the internet (any) on UDP port 53
One server is successfully using this rule but the other server bypasses the rule and gets blocked by the explicit deny at the bottom. The traffic log shows the correct port (53) but the application is "not-applicable". I've tried the following "application/service" settings but there is no change to the issue:
Application: any Service UDP 53
Application: dns Service: application-default
Application: dns Service UDP 53
I've done packet captures on the server that's not working and the destination port for the traffic is UDP 53 so I'm at a real loss to know why this is happening. Can anyone assist me here please?
Thanks!
... View more
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks