About dagibbs

spolo wrote: If it's still failing you may want to call support or open a case via the web on this one.  Here's a couple of CLI commands that may help you diagnose: First, initiate the url database download: > request url-filtering upgrade brightcloud Now check the download log: > tail follow yes mp-log pan_bc_download.log If it helps you, I checked from one of our boxes in Europe and it's having trouble also.  That box does resolve to a different IP than we do here in the US, so not sure if it's something localized or not.  I don't have a lot of time to open a case with support on this right now, but it does warrant further investigation. Hope this helps! Seems to have come good this morning - maybe Brightcloud were having an issue. Thanks anyway ... View more

bhavin_bhatt wrote: Hi, I just came across something quite interesting. A user needs to be able to translate a decent url, but by default translation is blocked by PaloAlto. Once you configure PaloAlto to allow translation, you can actually go into google translate, and translate an adult website into another language and view it within Google translate's page. My question is, i have blocked adult-and-pornography, why can i get to a dirty website, shouldn't palo pick that up. please advice, as one of the users needs translation allowed, but what i explained above is just one of the exploit... cheers Bhavin Simple - because *you* are not going to the dirty web site - Google translate is. You're hitting the Google translate page, and by your own admission you've configured the PA to allow access to it. The PA is doing exactly what it's supposed to - allowing access to the translate page. Think of it as visiting the adult page by proxy. Cheers ... View more

Ronaldgoh wrote: hi i noticed that in some "critical", "high" and "medium" severity vulnerabilities, the default action is just "alert"... especially those brute-force attempts. at the moment, our system is set for default to take care of these.  however, i remember a thread here advising to set the action to "block" for medium severity on the server side vulnerabilities...  is it safe to set action to "block" for "critical", "high" and "medium" severity for server side?  will this break applications? thanks! rgds, - ron If you raise your level to "block" and the threat is detected the firewall will, as the name suggests, block the traffic from transitting. Now, if you're 100% sure the threats being detected are valid, then I suggest you might want to block them. If, however, you're worried about false positives - then don't. The block action may well break soemthing, especially if it triggers a positive threat detection when it's not really a threat. "Alert" is good if you have time to sit and watch threat logs, and can get on top of reported threats immediately - if you're like msot people and DON'T have this time, then block is a good option. Depends how paranoid you are, and how critical potentially blocking a valid action might be. Cheers ... View more