Hello, we get a large number of high-severity threat alarms when users visit Yahoo. They were triggered by this URL: s.yimg.com/aaq/yc/js/tdv2-applet-canvass.8739955d2bd825cb0aa2.min.js (8739955d2bd825cb0aa2 is a random string that changes every time). I would like to set up an exception for s.yimg.com, but its IP always changes too, and you can only exclude a static IP address. What would be the best way to fix this? TIA
1) If you're currently using Let's Encrypt certs with PAN-OS and your workflow does not look like the above, can you briefly describe it?
2) Is your desired end goal that PAN-OS runs Let's Encrypt natively? If not, what is your desired end goal?
3) In between the end goal and now, would you want a stop-gap solution?
4) If you want a stop-gap solution, what form should it take? A standalone executable / script? Ansible module? Terraform resource? Tie-in to an existing Let's Encrypt client, such as certbot or acme.sh?

1. We don't use Let's Encrypt certs with PAN-OS currently because it's a pita to manage cert renewal manually, as you have to do it every 90 days. We do run certbot on our other web servers; it runs every day and renews only when a cert is near expiring. It also swaps out certs and flushes the Apache cache automatically. If there is any error, an email is sent to me.

2. Natively or not, I think making the process automatic and simple is what I would expect.

3. and 4. Yes. It doesn't really matter as long as it can automate the process, or at least automate as much as possible, so that functions in PAN-OS don't fail just because an admin forgot to renew the certs.

Other comment: Please also make domain ownership validation options flexible, as everyone's setup is different. In our case, xyz.com as well as DNS is controlled by headquarters; branchvpn.abc.com and branchvpn2.abc.com are issued to us. We won't be able to prove ownership of xyz.com, only of branchvpn.abc.com or branchvpn2.abc.com. And we can only use the .well-known files method, not the DNS TXT method, as we do not control the DNS server.