This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About mserrano_uned
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About mserrano_uned
09-12-2016
3Posts
1Like
0Solutions
Sep 12, 2016Last Visited
User
Activity
User
Profile
Latest posts by mserrano_uned
| Subject | Views | Posted |
|---|---|---|
| 7769 | 09-07-2016 03:42 AM | |
| 7826 | 08-29-2016 02:19 AM | |
| 7947 | 08-24-2016 02:36 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 09-07-2016 03:42 AM |
User Badges
Community Statistics
| Member Since | 08-24-2016 01:27 AM |
| Date Last Visited | 09-12-2016 07:56 AM |
| Posts | 3 |
| Total Likes Received | 1 |
09-07-2016
03:42 AM
1 Kudo
Well, in RedHat they insisted in giving access to every akamai server *.akamaiedge.net and *.akamaitechnologies.com both with port 443. Problem is that this is way to open for us (because using SSL you don't really know whats going on there). At the end we found two ways to narrow down the access. Setting up the up2date so it doesn't use the Akamai CDN or specifing one DNS record (a redhat one) that resolves always the same IP thanks to the geolocalization and when Akamai changes it, the PaloAlto firewall will update the new IP minutes later. Thanks for the response (I didn't want to be offtopic so I didn't explain myself too much, if anyone wants more detailed information just let me know).
... View more
08-29-2016
02:19 AM
Sorry for the delay, we were giving it a thought and doing some tests using the list provided by RedHat but we didn't have much success. We found ourselves accessing IPs that weren't in the list. We'll open a case with RedHat support to see if the list isn't updated. Nevertheless, regarding the original question, the way we have set the policy up now it's allowing only specifics types of traffic (yum, ssl and web-browsing), so the fact that those IPs host any other content shouldn't be a concern, that's way we thought the IP range might work for us, and thus the miner request. Before that we tried creating an URL filter, but it didn't work, we assumed it was because being SSL traffic you only could see the header and that probably use IPs instead of URLs or something along the line. Thanks for the response.
... View more
08-24-2016
02:36 AM
Would it be possible to add a miner for the Red Hat Subscription Manager (RHSM)? They do advice to use domains name as filter rather than IP addresess [1] (mainly because they use Akamai's CDN), but we prefer to have that kind of traffic under control. There is a public CIDR list [2], but as you need an account in the RedHat portal, they provide a JSON file [3] that could be downloaded without logging in. [1] https://access.redhat.com/solutions/65300 [2] https://access.redhat.com/articles/1525183 [3] https://access.redhat.com/sites/default/files/attachments/cdn-ranges-2015-07-14.zip Thanks in advance.
... View more
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks