cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

About Christophe_Savoy

Announcements

Changes to the LIVEcommunity experience are coming soon... Here's what you need to know.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Christophe_Savoy
3 weeks ago
since ‎09-22-2016
L1 Bithead
User Activity
User Profile
User Badges
Public Statistics
Date Registered ‎09-22-2016 01:48 AM
Date Last Visited 3 weeks ago
Total Messages Posted 6

Re: Azure ip-range list EDL size

by in MineMeld Discussions
‎02-04-2021 08:33 AM
‎02-04-2021 08:33 AM
Hi Marcus,   I'm new with Minemeld and never used the old Azure Miner.  But I found the list we get using the new miner very big and investigated further.   The solution I found is to set a filter in the Minemeld processor, selecting only the prefixes having a null value "" into the azure_system_service_list" :     This way you get all the "AzureCloud" prefixes, which should be like the old miner...   If that's not enough, you can also play with some "Regional" filters, like this :       NB : Do not use this basic filter  - azure_region == 'uksouth'   Because most prefixes appears twice in the .json file, one in the regional section, and a second time in the 'null' section at the end. And the default Miner retains only the last value it sees, i.e (view of the log) :     ... View more

Re: Azure : troubles with the azure-public-cloudIPsWithServiceTags Miner, same prefix in multiple Azure Regions

by in MineMeld Discussions
‎02-04-2021 02:00 AM
‎02-04-2021 02:00 AM
I found the answer here, thank you Dpurton   https://live.paloaltonetworks.com/t5/minemeld-discussions/azure-active-directory-ip-ranges/m-p/310699#M3569   Here is my final filter :   infilters: - actions: - accept conditions: - __method == 'withdraw' name: accept withdraws - actions: - accept conditions: - contains(azure_region_list, 'switzerlandn') == true name: accept switzerlandn - actions: - drop name: drop all   Apply this filter into an aggregator of type " stdlib.aggregatorIPv4Generic" and you will get all the prefixes for the desired region. If you need many regions, just add many actions, like this :   - actions: - accept conditions: - contains(azure_region_list, 'switzerlandn') == true name: accept switzerlandn - actions: - accept conditions: - contains(azure_region_list, 'northeurope') == true name: accept northeurope   ... View more

Azure : troubles with the azure-public-cloudIPsWithServiceTags Miner, same prefix in multiple Azure Regions

by in MineMeld Discussions
‎02-03-2021 10:59 PM
‎02-03-2021 10:59 PM
Hello,   Using Miner "azure-public-cloudIPsWithServiceTags", I'm trying to get all the subnets from the Azure Region "switzerlandn". I am using a filter I found in this forum :   - actions: - accept conditions: - azure_region == 'switzerlandn' - share_level == 'green' name: accept azure IP for region switzerlandn   But it doesn't work... I have only a few prefixes   Looking at the .json file, I found the missing prefixes in 2 sections, the first is my "switzerlandn" section, the other has no label :   "name": "AzureCloud", "id": "AzureCloud", "properties": { "changeNumber": 61, "region": "", "regionId": 0, "platform": "Azure", "systemService": "", "addressPrefixes": [ "13.64.0.0/16", "13.65.0.0/16", ...     Looking at Minemeld's logs, I see the following for a missing prefix (ouput of azure-public-cloudIPsWithServiceTags Miner) :   "_age_out": 4294967295000, "confidence": 100, "azure_system_service_list": [ "" ], "azure_platform_list": [ "azure" ], "azure_region": "", "share_level": "green", "azure_platform": "Azure", "_last_run": 1612367795560, "sources": [ "azure-public-cloudIPsWithServiceTags" ], "azure_name": "AzureCloud", "azure_name_list": [ "azurecloud", "azurecloud.switzerlandn" ], "azure_id_list": [ "azurecloud", "azurecloud.switzerlandn" ], "azure_region_list": [ "", "switzerlandn" ], "azure_system_service": "", "first_seen": 1611921383932, "azure_id": "AzureCloud", "type": "IPv4", "last_seen": 1611921383932 }     Did you see the value of azure_region and the azure_region_list ? This explains why my filter (azure_region == "switzerlandn") doesn't work. The Miner puts in the "azure_region" field the last value it read from the .json file... And in my case the last value is ""...   Now my questions : - I'm looking for a filter that will test if "switzerlandn" is contained in the azure_region_list. Any idea ? - Or a way to modify the Miner, to avoid the "concatenation" of the prefixes that appear twice in the .json file.   Any idea ?   Thanks for your help !   Christophe ... View more

Source and Destination NAT using 2 different NAT rules

by in General Topics
‎06-18-2020 11:14 PM
‎06-18-2020 11:14 PM
Hello everybody,   We are trying to replace our Lan-to-Lan concentrator (currently a Cisco ASA) with a PAN-5220 version 8.1.   On the Cisco ASA firewall, we are currently doing source and destination NAT for each incoming connection.   We change the  source IP address because our partners use many different private subnets that we can't route or that we also use. And we also change the destination IP address, for the same reason. We change our internal private IP address to some public IP addresses that our partners can easily route to us.   On Cisco Asa we configure NAT rules based on objects. The source NAT is configured for each partner's subnet and the destination NAT is configured for each of our servers. Both NAT are then applied when the connection is made.     Now with Palo Alto...   As only one NAT rule applies, and we want to make source and destination NAT, we are supposed to configure a different NAT rule for each possible connection... As we have ~ 30 partners and ~ 200 servers, this can lead to an endless NAT ruleset, assuming that each partner could reach each server (this is not the case but let's assume...).   Do you have an idea how we can work around that ?   We would like to manage the Source NAT rules on a side and the Destination NAT rules on the other, and have them combined when traffic passes through the Firewall. This means that packets have to pass twice through the NAT ruleset and that's what we are unable to do properly...   The only way we found is to send the packets out of the firewall after the first NAT and then an external router sends the packets back to the firewall in order to match the second NAT rule. We also imagined to use an external cable between 2 interfaces of the PAN firewall, each interface being in a different zone and VR, and use this link as an external loop.   Any other solution that would be more "elegant" ?   Thanks in advance for your suggestion.   Best Regards,   Christophe         ... View more

Re: 8.0.14 How is it for you?

by in General Topics
‎02-11-2019 08:19 AM
‎02-11-2019 08:19 AM
To Terjelundbo,   Would it be possible to get your TAC ticket number or the bug reference please ? I'm facing the same issue with version 8.0.15 and would like further information about the workarounds.   Thanks in advance and best regards,   Christophe     ... View more
Register or Sign-in
Contact Me
Online Status
Offline
Date Last Visited
3 weeks ago
Latest Tags
No tags yet
Likes Given To
View All
Latest Blogs
Latest Posts
Privacy Policy Terms of Use
Copyright 2007 - 2021 - Palo Alto Networks