Hey guys,

As I'm sure most of us are, I'm seeing a huge string of issues related to Cryptolocker lately. I've reviewed the several articles floating around on how Palo Alto units deal with this; the fact is I'm seeing spam emails get through encouraging users to download executables which always come up as clean as far as PA's built-in AV goes. WildFire does appear to have a very successful history for us of identifying these infections. However, an alert is often followed immediately by an outbreak, at which point it's too late. What options may exist here? Given the recent scale of damage, most users would be happy to wait a minute while a download is sandboxed before being made available to them; in fact there are competing products already doing that just to run traditional AV. I'm sure this has already been considered, but given the huge scale of the threat, I'd like to ask around regarding whether I'm missing something, or whether there's any possible way of scripting this to produce the desired effect.
Hey guys,

Some of the iptables servers I'm replacing with a Palo Alto firewall provide port forwards to RDP servers. In order to prevent abuse, they were rate limited, such that a single IP can only connect a few times before being blacklisted for a few minutes. This functionality existed within iptables - is there a way to replicate this within a PA-200?
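For reference, here is the iptables behaviour the post describes, written out as an added example (not code from the thread, and not Palo Alto configuration): the usual xt_recent per-source throttle on a forwarded RDP port. The port (3389), threshold (4 new connections) and ban window (300 s) are assumed values; the chain name RDP_LIMIT and list name rdp are my own.

```shell
#!/bin/sh
# Added example: per-source-IP rate limit for a DNAT'ed RDP port using the
# iptables "recent" match. Prints the rules by default; "apply" runs them.
# Assumed values: port 3389, 4 new connections, 300-second window.

# Build the rule list. Arguments: port, hit count, window in seconds.
# One rule per line so the set can be reviewed before being applied;
# rule order inside RDP_LIMIT matters (see comments).
rdp_rate_limit_rules() {
    port="$1"; hits="$2"; secs="$3"
    # A dedicated chain keeps the policy readable and easy to flush.
    echo "iptables -N RDP_LIMIT"
    # Only NEW forwarded connections to the RDP port enter the chain; the
    # FORWARD chain sees the post-DNAT destination port, so match on it here.
    echo "iptables -A FORWARD -p tcp --dport $port -m conntrack --ctstate NEW -j RDP_LIMIT"
    # Record the source IP in the 'rdp' list on every new attempt.
    echo "iptables -A RDP_LIMIT -m recent --name rdp --set"
    # Once an IP has $hits entries within $secs seconds, drop the attempt.
    # --update refreshes the timestamp on each hit, so a source that keeps
    # retrying stays blacklisted until it has been quiet for $secs seconds.
    echo "iptables -A RDP_LIMIT -m recent --name rdp --update --seconds $secs --hitcount $hits -j DROP"
    # Below the threshold: let the new connection through.
    echo "iptables -A RDP_LIMIT -j ACCEPT"
}

# Defender-side check: the kernel exposes the tracked sources and their
# timestamps here, which is handy when a legitimate user reports a lockout.
rdp_recent_list() {
    cat /proc/net/xt_recent/rdp 2>/dev/null
}

if [ "${1:-}" = "apply" ]; then
    # Requires root. Rules contain no quoting, so running each line is safe.
    rdp_rate_limit_rules "${2:-3389}" "${3:-4}" "${4:-300}" | while read -r rule; do
        sh -c "$rule"
    done
else
    rdp_rate_limit_rules "${1:-3389}" "${2:-4}" "${3:-300}"
fi
```

Note that xt_recent caps --hitcount at 20 unless the module is loaded with a larger ip_pkt_list_tot, and that the ban applies to the connection count only, not to failed logins, which the firewall cannot see inside RDP. The PAN-OS counterpart is a DoS Protection policy with a classified (per source IP) profile and a block duration rather than a security rule.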