This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- App-ID
- Content-ID
- User-ID
- 5G
- IoT Security
- Cloud Identity Engine
- Panorama
- AIOps for NGFW
Network Security
- Prisma Access
- Prisma Cloud
- Prisma SD-WAN
- Cloud NGFW for AWS
- CN-Series
- VM-Series:
- Private Cloud
- OCI
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
- Cortex Xpanse
Security Operations
- Resources
About A_Adamski
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- LIVEcommunity
- About A_Adamski
Online
16Posts
3Likes
1Solution
Jun 24, 2022Last Visited
User
Activity
User
Profile
Latest posts by A_Adamski
| Subject | Views | Posted |
|---|---|---|
| 709 | 07-07-2021 06:28 AM | |
| 356 | 07-07-2021 05:54 AM | |
| 1968 | 06-16-2021 07:05 AM | |
| 1971 | 06-16-2021 07:02 AM | |
| 1849 | 06-16-2021 03:03 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 06-16-2021 03:03 AM | |
| 1 Like | 01-05-2021 03:17 AM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 1 Like | |||
| 1 Like | |||
| 1 Like | |||
| 1 Like | |||
| 1 Like |
User Badges
Community Statistics
| Member Since | 11-02-2016 05:09 AM |
| Date Last Visited | 06-24-2022 06:29 AM |
| Posts | 16 |
| Total Likes Received | 2 |
07-07-2021
06:28 AM
Dear Community Members, I hope someone will be able to help me out to confirm the default FPGA states on the PA-3060 appliance and supply some additional info on this matter? As per the knowledgebase article (CAN THE CONTENT INSPECTION PERFORM ONLY IN SOFTWARE OR HARDWARE ON PA-3000 SERIES FIREWALLS?) I see that the used algorithms are: AHO - Hardware (Offloaded) DFA - Software *PSCAN - Software, and it will be replacing AHO (but I could not find any info in regards to when it should happen) Unfortunately, I do not have the needed hardware to execute the command and check it by myself. And I would like to verify what (on default on PA-3050/3060) the output of the command "debug dataplane fpga state" running the PAN-OS 9.1.7 or above is? I'm also interested to find some more info about the change of algorithm from AHO to PSCAN? *Does anyone knows in which PAN-OS release it was changed? Is there any documentation at PA available about this change? I will really appreciate it if someone could help me with those few open points. Thank you in advance! Regards, Arek
... View more
07-07-2021
05:54 AM
Hi M_kallergis, Thank you for your input. We've used a generic wildcard to catch and encrypt all the traffic (*.*). The nature of the problem will not change if we specify other wildcards, as we will still be forced to add facebook-base to get the Instagram page to load fully. In the meantime, the customer decided to go some other way to achieve this. It will be nice to know if someone has found a way to get it to work, cuz unfortunately I will not be spending any more time on this issue. Thank you all for your help! Cheers, Arek
... View more
06-16-2021
07:05 AM
Hi Nicolaj, Thanks for sharing, this might be useful info and a place to start.
... View more
06-16-2021
07:02 AM
Hi Alexander, I've checked the conversation, but I do not really follow it... I guess it's out of my understanding as I'm not sure how it's connected to my issue nor how it could help me. I'm sorry but I'm not so experienced and knowledgeable in regards to Palo Alto as I would like to be. And thanks for your help! Cheers, Arek
... View more
06-16-2021
03:03 AM
1 Kudo
Dear all, In case if anyone will need this info in the future: We've checked this with the Palo Alto Support and it turned out that, The XDR does not support the fully offline environment. The XDR requires network communication for the agent management purpose: Cortex XDR for windows - requirements The Agent installation option for the Content Update package is to reduce the network bandwidth for the initial Agent installation. But the agent must be able to connect to the XDR Cloud for the registration, license allocation, Policy Rule's acquirement and etc. Therefore, the XDR does not support the fully closed network environment. But we still have some options, and might try reaching out to our SE and ask for deployment options or Palo Alto's account team to submit a New Feature Request (NFR). Hope this info helps those who seek an answer to the same question 😉 Have a great one!
... View more
06-16-2021
01:15 AM
I guess, that I've found my mistake. The first security policy (on the top to block facebook.com) should be "allowing" the traffic so then it could be blocked by the URL profile.... but in my case, I've set that policy to "deny" so the profile will never kick in. But it does not explain why did I not have any hits for that rule. So I will be requesting access to the PA lab so I could play with it a bit more. Please let me know in case if someone has any additional suggestions
... View more
06-15-2021
03:53 PM
Hi @vsys_remo , I've tried to create the custom URL category and used the URL profile attached to the security policy allowing the facebook-base and the URLs I've listed in the URL category. During my checks I could see that the Instagram website is connecting to some sites related to Facebook: "connect.facebook.net", "*.fna.fbcdn.net", and the "facebook.com". *(I assume the second one belongs to Facebook too) The goal here is to allow access to the Instagram website (along with the pictures which for some reason seems to be hosted at the Facebook site), but at the same time to block access to Facebook. So I've created an additional security policy on top of the one allowing Instagram traffic in order to block access to the Facebook application and I've used another custom URL where I've listed the "facebook.com" with action to "block". Unfortunately, this did not work as I've expected and I was still able to access the facebook.com websites. The Instagram website was working correctly and I could see the pictures loading fine, but at the same time, Facebook.com was still not blocked (and that's not what we want). This should work, so I'm really not sure what I've might be still missing. Could you please help me understand if I'm doing something wrong? And maybe even point me out in the correct direction? I will appreciate any help on that matter. Thank you in advance and kind regards, Arek
... View more
06-15-2021
05:33 AM
Hello Orkan, Thank you for your input, but since the goal is offline operation, a proxy solution does not meet the customer requirements for this scenario. I assume I will need to ask Palo Alto Support to advise on that matter further. I wish you a great day! Cheers,
... View more
06-10-2021
10:18 AM
Dear Palo Alto Community Members, I hope you will be able to help me out or point me in the correct direction. I'm struggling to find appropriate information about the operations for a cortex agent which will not be connected to the internet and will never be able to communicate with the cloud (Cortex XDR). In my customer scenario, the machine is not and will never be connected to the internet. Therefore the agent will never be able to connect to Cortex XDR, not even during/right after installation. While we could find a way to use the Content.zip which is available for download from the PA support portal alongside the installer itself, we are not sure about a way to export policies from Cortex XDR to feed them manually into the “offline” agent. We are also not sure about the license considerations, and the only piece of information I have found was informed that after 30 days when the endpoint has not communicated with Cortex Console we should see 'Connection Lost' notification. But I doubt it could actually be even something we will see in our scenario, as the agent will never communicate with the console. After some digging through the documentation we've come across information about the Cytool which might help to import/export the policies (for Windows and Linux machines). As I understand, in theory, I could import the policies from one agent and then export them to another one, is that correct? Unfortunately, I do not have any options to test it and I'm wondering if anyone had a chance to do it already, or maybe had some experience with a similar scenario and could share some thoughts? I will really appreciate some help on this one. Thank you in advance!
... View more
06-08-2021
03:53 AM
Hi @vsys_remo, Thank you for your response and the suggestion. It's kinda strange as I thought that even if the change within Instagram, and moving ownership (and most likely some part of infrastructure and services) to Facebook, should not change how the application is recognized/classified by the firewall. So I guess there is no way to get it to work when using just the application IDs, right? *Is this not maybe something for the Palo Alto team to look into internally and update/correct the APP-ID info for Instagram? I think I do not have many options left here, and I'll need to try and follow your advice and add the custom URL category to the policy. I wish you a great day ahead!
... View more
06-04-2021
05:42 AM
Dear Palo Alto Community Members, I'm tiring to set up a security policy based on app-ID allowing Instagram but blocking Facebook. Unfortunately, I can't get it to work, and I'm not sure what I might be missing here. The security policy allows all the needed applications, and I've double-checked and added all the required application dependencies, but when going to the webpage we've noticed that the pictures are not loading. The security policy allowing Instagram After further testing, we could confirm that after allowing facebook-base, the images were loading fine. But if we remove facebook-base, Instagram no longer will load the photos although the website will work fine. This has been tested in Chrome, Firefox, and Edge, all give the same results and display the same (without the pictures). The Issue - No pictures Is it possible this is a restriction due to the fact that Facebook owns Instagram, and they likely share the infrastructure where the images are being hosted? Is it makes sense to add the "instagram-base" to allowed applications in the policy if Instagram is already listed there? Is there any known issue that could explain my issue, or I'm just simply miss something in configuration? Could some please share his thoughts on this issue and advice? I will really appreciate some help resolving it. Thank you in advance! Regards, Arek
... View more
01-05-2021
03:17 AM
1 Kudo
Dear Gjenkins, My best wishes in the New Year. Thank you very much for your help and the knowledge you've shared as you've clarified all my doubts. I don't face this issue anymore, but if it will happen again in the future, I'll be reaching out to the PA TAC Support. Thank you and my best regards, Arek
... View more
12-18-2020
03:48 AM
Hey Gjenkins, Thank you for your help. Let me check the links you've supplied, but as I assume if I'll see this happening again the best thing to do is to collect the logs and involve the PA TAC. Let's say the file has been successfully uploaded to WildFilre, the Endpoint does not have any network-related issues, and the file does not exceed 100 MB, so in such a case I should expect the WF verdict and the report within 15-30 min, is that right? I'm wondering how long the detailed analysis and report generation in WF can take time and if there are any other cases when it takes longer to finish after uploading the file to the WF cloud of course (without the things you've already mentioned as network issues, queuing, file size, and sample upload limit ). Best Regards.
... View more
12-16-2020
08:35 AM
Dear PA community members, I've done the research but could not find any info bout the Wildfire limitations nor any issues which could explain why in some cases the WildFire Report arrives with delays. As per WildFire Analysis Concepts: https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-prevent-admin/endpoint-security/endpoint-security-profiles/add-malware-security-profile/wildfire-analysis-concepts.html , *the only limitation mentioned in the documentation is: "Cortex XDR sends unknown samples for in-depth analysis to WildFire. WildFire accepts up to 1,000,000 sample uploads per day and up to 1,000,000 verdict queries per day from each Cortex XDR tenant. The daily limit resets at 23:59:00 UTC. Uploads that exceed the sample limit are queued for analysis after the limit resets. WildFire also limits sample sizes to 100MB. " Based on the documentation WF should be able to deliver a verdict within 10-15 min after uploading the file (PE), which seems to be happening for most of the cases. Unfortunately but for some files, sent for Wildfire analysis after being Prevented (Blocked) on the XDR agent, the Cortex receives the verdict hours (sometimes days) later. The thing is, as per my understanding the wildfire should be able to take just seconds to run the analysis and to generate the report, but for any reason, the Cortex has received it only the next day. Also, I know that as for the Next-Generation Firewalls the signatures will be updated and shared within the next Content Updates, but it's not what I will expect for Cortex / Taps. *Am I missing something here, or it's something for the Palo Alto TAC to check? As additional info, I've noticed that the recent files impacted by this issue have been first prevented (blocked), and on the next day WildFire changed the verdict from "Unknown" to "Benign". Did anyone have similar issues in the past with WF? Could you please advise and point me in the correct documentation? I will appreciate your help to understand this issue. Thank you in advance and kind regards.
... View more
06-19-2020
03:58 AM
Hello everyone, Could anyone advise about how can I configure a GP client (MAC OS device) to get the same IP address? I've found only an option for Widows OS devices, by editing the registry on the client's machine, but unfortunately, I can't find anything similar to MAC OS. Also, I've found the option (2) described in the KB: HOW TO CONFIGURE A GLOBALPROTECT CLIENT TO GET THE SAME IP ADDRESS (https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClIMCA0) I have a tiny problem with this workaround, as I understand in the case of multiple MAC OS GlobalProtect agents I will need to create an extra Gateway for each user/machine, right? I want to check with you, if maybe someone had already some experience with it and could advise an alternative solution? *Or do I need to submit the feature request? I will appreciate your help and any good pointers in that mater. Thank you all!
... View more
Contact Me
| Online Status |
Online
|
| Date Last Visited |
06-24-2022
06:29 AM
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2022 - Palo Alto Networks