This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About jsalmans
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About jsalmans
11-18-2022
188Posts
31Likes
5Solutions
Nov 18, 2022Last Visited
User
Activity
User
Profile
Latest posts by jsalmans
| Subject | Views | Posted |
|---|---|---|
| 146 | 11-18-2022 01:35 PM | |
| 645 | 07-18-2022 10:30 AM | |
| 703 | 07-16-2022 08:33 PM | |
| 657 | 06-13-2022 02:44 PM | |
| 1093 | 06-10-2022 08:40 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 02-13-2019 08:10 AM | |
| 1 Like | 02-12-2019 06:18 PM | |
| 3 Likes | 02-05-2019 10:59 AM | |
| 3 Likes | 11-02-2018 07:14 AM | |
| 1 Like | 08-08-2018 06:11 AM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 2 Likes | |||
| 2 Likes | |||
| 3 Likes | |||
| 1 Like | |||
| 1 Like |
User Badges
Community Statistics
| Member Since | 02-23-2016 07:18 AM |
| Date Last Visited | 11-18-2022 03:16 PM |
| Posts | 188 |
| Total Likes Received | 31 |
11-18-2022
01:35 PM
I can't say I've tried it yet. We're still using a two other solutions... one is just to use standard DIP in a small lab and the other is to assign gaming clients with public IP addresses. They're still blocked on the firewall for incoming connections from the Internet but they don't have to NAT.
This is definitely something I'd be interested in hearing from others on their experiences with it and also what the game consoles and associated games may end up showing as NAT Type with multiplayer performance.
... View more
07-18-2022
10:30 AM
I'm still tinkering with this and the miner to get an auto-timeout on the indicators to work but I did get communication up so at least my Threat log forwarding is working.
The solution was to make sure I was using the FQDN in the HTTP Server profile setup. This is a "duhhh" moment for sure since I had it set up for HTTPS but I was following a guide that used the IP in the example.
I also had to go back and create a different admin user on Minemeld since the API apparently doesn't use the Feed monitoring accounts. After that I had to set up the Basic authentication hash again in the json config.
The server config itself still gives an error of some sort when I attempted a test saying the connection failed "Failed binding local connection end" but going into the actual json configuration on that same HTTP profile for the threat log formats and doing the test there again showed a successful connection and the miner updated with the test indicator.
... View more
07-16-2022
08:33 PM
I noticed an issue with this feature before when I tried to set up an outgoing email on the Correlated Events log settings in the Panorama built-in collector group. My idea was to filter to certain networks and then send an email when a correlated event came in that matched the filter so that a ticket could be created and our desktop services folks could investigate. I never got it working reliably.. usually only got a few sporadic emails and then it would stop working.
More recently, I decided to try something with the Threat logs forwarding. I'm actually trying to forward High and Critical threat information to Minemeld in json format so that I can create a list from the source IPs. I'm getting an error when attempting a test send " SSL peer certificate or SSH remote key was not OK". I've created a cert for the Minemeld server using the firewall and I've added it and the signing cert to Panorama as imported certs. Minemeld has the signed server installed and is using it on HTTPS.
I've tried just sending it as HTTP as well but it isn't working with the miner I set up. In fact, it isn't really clear to me if Panorama is sending it anything at all. To test, I tried modifying IP in the HTTP Server profile to just be my machine (turned off my local firewall) and ran Wireshark.. I saw some data but if it contained the json I'm trying to send then it was encrypted still because I couldn't read it in the capture.
Do I need to turn on authentication requirements for all feeds in Minemeld to clear that SSL cert error? Or is there a process I need to check on Panorama to verify it is evaluating the incoming logs and sending them as part of the log forward configs?
Thanks!
... View more
- Tags:
- log forward
- panorama
06-13-2022
02:44 PM
Thanks! Do you know if you can still control it for other users in your org? I'd like to make the Google MFA option required for everyone on our portal like we used to have.
... View more
06-10-2022
08:40 AM
Ok, I'm at my wit's end with TAC.. after 7 months of explaining the issues, collecting logs, and then starting over when a new agent takes the case, I'm hoping the community can help me. I've had inbound decryption set up for our FTP server for some time. We noticed an issue after updating to 10.0.8 (we're now on 10.1.5-h1 ) where people seemed to not be able to connect anymore. After investigating, it appears that in Filezilla they are actually able to connect but it looks like they aren't because a TLS error occurs and the LIST command fails. Right-clicking on the remote side and hitting Refresh several times will often eventually complete the directory listing. This is with FTPS set to "Require explicit FTP over TLS" and with the Transfer Method set to Default (which I think may be Passive). This issue appears to be intermittent and sometimes it seems to connect fine. Further investigation also showed the following: The TLS error mentioned above when the LIST command fails is "GnuTLS error -110: The TLS connection was non-properly terminated." followed by "Server did not properly shut down TLS connection" followed by "The data connection could not be established: ECONNABORTED - Connection Aborted" and then followed by "Failed to retrieve the directory listing". Decryption logs GUI shows "General TLS Protocol Error" when this happens. Error showing: "Server sent unsorted certificate chain in violation of the TLS specifications" at the start of each connection attempt Changing the Transfer Method to Active seems to make it more reliable as far as connecting without a TLS error and getting the directory listed automatically (it still complains about the certificate chain) Even with Active set, we then sometimes get a message indicating that the connection isn't secure because the server previously was detected as supporting TLS session resumption (I'm assuming this was either working before through the Palo and now it isn't or it's because when we've tested we've connected directly to the server which supports it) Trying another client, WinSCP also doesn't list the directory on Passive.. it works when changed to Active. I have no idea if it is getting any errors/warnings as I haven't noticed if there is a log view in that software. Turning off the decryption rule resolves all of the issues.. the FTP connection is also a lot less verbose (in another words, when decryption is turned on there is a lot more chatting with commands/responses between the client and the firewall/server) It looks like someone else has run into an issue like this before with Passive FTP and it was related to an issue with the content packs https://live.paloaltonetworks.com/t5/general-topics/passive-ftp/td-p/11573 Anyone else having any issues or have any experience in what I can do to resolve this? Thanks!
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
11-18-2022
03:16 PM
|
Likes From
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks