This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About camkim_MDEA
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About camkim_MDEA
08-18-2015
35Posts
2Likes
3Solutions
Aug 18, 2015Last Visited
User
Activity
User
Profile
Latest posts by camkim_MDEA
| Subject | Views | Posted |
|---|---|---|
| 4350 | 09-13-2012 03:42 PM | |
| 4627 | 09-11-2012 10:54 AM | |
| 4907 | 09-10-2012 09:49 AM | |
| 3422 | 12-28-2011 02:09 PM | |
| 3712 | 12-28-2011 11:08 AM | |
| 2282 | 10-12-2011 03:47 PM | |
| 1767 | 09-26-2011 02:14 PM | |
| 3726 | 09-07-2011 07:20 PM | |
| 3831 | 09-07-2011 03:29 PM | |
| 5128 | 09-07-2011 03:20 PM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 06-20-2011 09:15 PM | |
| 1 Like | 05-20-2011 09:58 AM |
User Badges
Community Statistics
| Member Since | 08-30-2010 05:22 PM |
| Date Last Visited | 08-18-2015 09:06 AM |
| Posts | 35 |
| Total Likes Received | 2 |
09-13-2012
03:42 PM
Understood. But can you explain for customers why we lose access to the category of a URL upon expiration? Should customers not be entitled to the last version that they downloaded prior to expiration of the license?
... View more
09-11-2012
10:54 AM
In practice, after the license expires, the URL DB is purged. (for some reason). Then, depending upon how your settings are configured, it becomes default deny or allow all for URL filtering. I experienced this last year when our renewal was not processed prior to the expiration. For now, I was able to get an extension while our VAR processes our renewal, however I wished that the URL DB and the ability to use categorization would be maintained as of the last download (as it is with Virus defiintions and product updates).
... View more
09-10-2012
09:49 AM
Also, is there a reason why the URL database has to be dumped immediately after the license expires? Just like with Apps and Virus definition, would a customer not be entitled to use the last URL DB downloaded prior to the license expiration?
... View more
Labels:
- Labels:
-
Management
12-28-2011
02:09 PM
So File-blocking is effective under the following conditions: 1) Is identified as an App 2) has file-blocking feature 3) If SSL is used, and is not on the following list https://live.paloaltonetworks.com/docs/DOC-1423 . Just want to get a very clear understanding before allowing download from specific services.
... View more
12-28-2011
11:08 AM
If a download service uses SSL and PAN has an App and file blocking capability, but under SSL Decryption, it is an exception (ala drobpox), are options are pretty limited, correct?
... View more
10-12-2011
03:47 PM
Unless there is a must have feature on 4.x, I think its ok to stay on 3.1.x. One of the more noticeable things on 4.x is that the GUI is slower than on 3.1.x. Plus a few minor issues that are affecting the stability (there are other threads here floating around...) We are on 3.1.9 on a pair of 500's and we are sitting put until they work out the kinks. I would definitely upgrade to 3.1.9 or 3.1.10 to address that unknown issue.
... View more
09-26-2011
02:14 PM
You should be able to change the IP or hostname of object and have those changes be reflected throughout your rule base.
... View more
09-07-2011
07:20 PM
Ah, learn something new every day. They realeased update 265 to alert on certs with the DigiNotar Root Authority, but its not clear if that removes from the device as well or if a different update is required for the device.
... View more
09-07-2011
03:29 PM
I wouldn't expect the PAN to have a list of authorized certificate authorities on the device. This should be updated by each browser and host O/S.
... View more
09-07-2011
03:20 PM
I'd like to see an example of anyone using ftp over port 80. That would rather seem odd. Since you would allow FTP downloads, wouldn't it be easier to create rule disallow FTP PUT?
... View more
08-24-2011
11:02 AM
My guess is that PAN would want you to submit a packet capure of the traffic to see why it would be mis-identified. You should not need to allow FTP through port 25 to accept any SMTP traffic.
... View more
08-19-2011
01:53 PM
I have a pair of PAN-500 in HA on 3.1.9 and our NMS system polls the PAN using SNMP. Everytime I commit a rulechange, i noticed that it stops answering SNMP requests for about 2 minutes. The PAN still passess traffic but I've seen this with ruleset commits and software or definition updates. Is this by design?
... View more
- Tags:
- snmp
08-19-2011
01:49 PM
Let's say I log into the management website of the PAN and make a couple changes to see the way it would look in the ruleset. If i want to discard those changes, are my only options to "revert to last saved configuration" to make sure that none of those changes go into effect? I've noticed that the PAN tends to keep the changes, even after logging out of a management session.
... View more
08-17-2011
03:57 PM
Are you using active directory? or will you be blocking users by IP? (this will come in handy later) First, I would recommend upgrading to 3.1.9, since there are some bugs that I encountered in 3.1.6 and 3.1.8 with URL filtering. There are some guides on the support site that make the upgrade pretty painless. Before you start writing the rules, go to Objects -> Security Profiles -> URL Filtering rules. Create a new URL filtering profile. After you give the url filtering profile a name and description, check the dynamic URL filtering box. Near the bottomf of the window, you will a box called "allow List". Enter the 10 URL that you wish to allow. Now, on the right you will see all the different categories. Go to the very top and find the option "Set for all categories". Under the column "action" set it to block. This means that all the websites in all the categories will be blocked by the PAN. Then click ok. You have a new URL filtering profile that blocks all categories but allows the 10 URL that you have in your whitelist. All you have to do is add this URL Filtering profile to a rule. On the far right of the rule, you will see a column lableled "profile". Click on the word "none" and select the url filerting profile that you created. Now go ahead and test. One last personnal recommendation. It's usually better to write the most specific / constrictive rules ahead of the more general / less restrictive rules. Make sure that your blocking rule is ahead of your general web browsing rule that you have set for the remaining users. Also, are you getting you training at Trace3? I'm sending one of my SE there too for training. Those are good folks there. Ask lots of questions.
... View more
06-20-2011
09:15 PM
1 Kudo
Running it for a week or two , so far so good. We ended up upgrading due to an issue where websites get classified as "unknown", rendering your filtering policies useless.
... View more
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks