This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- App-ID
- Content-ID
- User-ID
- 5G
- IoT Security
- Cloud Identity Engine
- Panorama
- AIOps for NGFW
Network Security
- Prisma Access
- Prisma Cloud
- Prisma SD-WAN
- Cloud NGFW for AWS
- CN-Series
- VM-Series:
- Private Cloud
- OCI
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
- Cortex Xpanse
Security Operations
- Resources
About raji_toor
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- LIVEcommunity
- About raji_toor
06-15-2022
320Posts
16Likes
9Solutions
Jun 15, 2022Last Visited
User
Activity
User
Profile
Latest posts by raji_toor
| Subject | Views | Posted |
|---|---|---|
| 142 | 06-10-2022 02:09 PM | |
| 189 | 06-10-2022 10:15 AM | |
| 707 | 02-07-2022 04:58 PM | |
| 768 | 02-04-2022 08:26 PM | |
| 148 | 01-21-2022 09:01 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 01-25-2021 04:17 PM | |
| 1 Like | 06-22-2021 11:58 PM | |
| 1 Like | 05-19-2020 08:52 AM | |
| 1 Like | 06-15-2021 09:00 AM | |
| 1 Like | 04-28-2020 12:59 PM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 1 Like | |||
| 3 Likes | |||
| 1 Like | |||
| 1 Like | |||
| 6 Likes |
User Badges
Community Statistics
| Member Since | 02-10-2017 09:47 AM |
| Date Last Visited | 06-15-2022 10:53 AM |
| Posts | 320 |
| Total Likes Received | 16 |
06-10-2022
02:09 PM
@lealr1 For us it was the issue with id-manager and had to reset it debug device-server reset id-manager type all
... View more
06-10-2022
10:15 AM
Without decryption server preferred order comes out as this. And after enabling decryption it appears as Looks like PA is doing it. Is there a way to manually control this order on PA
... View more
- Tags:
- decryption
- ssl
- tls
02-07-2022
04:58 PM
@buck1 You can route DR traffic to vsys2, and have NAT hide the IP addresses. So there will be NAT happening twice, once when traffic goes from vsys2 to vsys1 and second when from vsys1(untrust) to internet.
... View more
02-04-2022
08:26 PM
@buck1 I think your best bet is to put both VR's in separate VSYS and then go from there
... View more
01-21-2022
09:01 AM
@almargaris Does this mean, for URL filtering adoption, if a rule only allows ms-rdp, we should not apply any url profile to tat security rule, and should only apply to ssl/web-browsing supporting security rules?
... View more
01-17-2022
07:36 AM
@BPry Thank you, i should have been more careful when trying to render the command.
... View more
01-17-2022
07:29 AM
@Astardzhiev I have never come across issue where PA does improper categorization for our subdomains in last 7 years and new do keep popping up every now and then and we have close to 50. Even if it did new subdomains got through testing phase before and it would come to light then and can be resolved. And I see these as someone not following proper channel to come to our websites and thus see no harm in stopping them as in screenshot below. We can agree to disagree on this, but my initial question still remains why changing to SSL passthrough on F5 does PA see them coming as https://x.x.x.x and not https://domain-name, where as traffic from same sources during test with F5 VIP as SSL offload or SSL bridging this is not an issue.
... View more
01-14-2022
04:06 PM
@nikoolayy1 This what I said originally, the command in your linked articles doesn't display more than 100 items in EDL request system external-list show type url name Custom-URLs Custom-URL2-S Total valid entries : 2295 Total ignored entries : 0 Total invalid entries : 0 Total displayed entries : 100 Valid urls:
... View more
01-14-2022
12:07 PM
@Astardzhiev We are not using self signed cert. All 3 in the chain Firewall. F5 and Server have public cert on them in this scenario. And regarding applying URL filtering on own webservers, you can say i am simply satisfying the BPA, but it does provide a good purpose if we donot want our server hit with IP and must be accessed by domain name only..And this is exactly what is happening here.
... View more
01-14-2022
11:13 AM
I need the whole output from an EDL but command only displays 10. Even in the rest API. GUI works but i can't export it form there. Source was deleted and now i need to restore all the entries in that EDL Total valid entries : 2295 Total ignored entries : 0 Total invalid entries : 0 Total displayed entries : 100
... View more
01-11-2022
10:10 AM
https://live.paloaltonetworks.com/t5/general-topics/extra-certs-inbound-decryption/m-p/457936 Adding to the previous discussion with same setup where PA is doing decryption and the F5 is doing SSL bridging/offload while proxying for the server behind it. If we do SSL bridging/offload SSLlabs test goes fine with PA doing decryption and F5 will present cert. URLs show as domain.com If we do SSL passthrough where F5 will not present certificate on server's behalf and server itself is responsible for presenting the cert. SSLlabs test gets blocked by our policy to block medium-risk/unkown category. URLs show as IP x.x.x.x. Server supports 1.3 and 1.2 while on PA we can only do 1.2..on 9.1 Website did work normally in browser I wonder why is there a change.
... View more
01-11-2022
07:48 AM
@Astardzhiev Thanks for pointing that out, When I checked the PEM file it had duplicate entries from flawed conversion before importing. On correcting this and reimporting it works as expected.
... View more
01-10-2022
08:31 AM
We have PA doing inbound decryption in front of F5 which is proxying a web server. F5 is doing SSL bridging. That is it terminates the SSL connection and starts new connection to the server from itself. Website itself works fine. When we do SSLlabs test on it we get extra certs error. I am not sure why the certificates are being duplicated. On clicking the download server chain link on the side of the result we get dual entries for the cert. Its duplicating both the server cert and intermediate cert making it 4 where it should be only be 2 certs. NGFW SSL Decryption
... View more
- Tags:
- decryption
11-17-2021
09:03 PM
After 3 months it seems issue has been identified and using commands in this article resolved the issue with passive firewall. Active will be upgraded and reset in the next outage window. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000boS5CAI
... View more
11-09-2021
11:19 PM
Just watched an interesting way of hiding C2 traffic which bypasses Palos in the demonstration. Would be good to know if there is solution to capture this. https://www.youtube.com/watch?v=eVr0kKdgM2I
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-15-2022
10:53 AM
|
Likes Given To
LEGAL NOTICES
Copyright 2007 - 2022 - Palo Alto Networks