About GCSS-RT

GCSS-RT · ‎05-17-2019

Oh, got it. I didn't realize that setting could determine where log entries would show up. I learned something new today! I appreciate that.

GCSS-RT · ‎05-17-2019

Is this the only way? We can't make it alert to the Threat or URL Filtering log as the categories do?

GCSS-RT · ‎05-17-2019

Good morning! I'm trying to figure out if it's possible to throw an "alert" log entry when a specific application is accessed. I know it can be done with categories, but I'd like to do the same with specific applications. I can always filter my Traffic Monitor for that application, but sometimes it's much more convenient to set the "alert" status to "on" to monitor before denying access to an application to get a better understanding of who's accessing it and why. Any advice?

GCSS-RT · ‎05-09-2019

Well, not really. I use appID, but was trying to use IP groups to be sure I was catching all the devices while we work on getting userID identifying users correctly. There are multiple things keeping userID from working correctly. Some of those things are network related. So, I'm only using the IP groups temporarily while we get userID working. How are your zones configured? Do you have a zone that covers each network segment or something?

GCSS-RT · ‎05-09-2019

I guess I should have used different terminology. I have IP address groups configured for each of my locations that correspond to the IP subnets of each of my buildings. Some IP addresses (end-user devices) do not get the policies applied that are assigned to their respective IP group on the PAN while others do. For instance, one IP will get a policy applied that blocks an application while another IP in that same group will "skip" that policy and get the default policy that resides at the very bottom of my policy list. Does that help?

GCSS-RT · ‎05-09-2019

Hello everyone! Let me preface this discussion questionb by acknowleding that I've inherited a PAN configuration that I know has issues. With that said, I'm noticing that some devices do not get the correct policies applied when others that are in the same groups do. I'm going to ask a question that may be WAY too generic. If it is, please tell me so and I will get on a support call. I've just had much better response times and better luck with everyone here. The question is do you guys think the reason some devices get different policies has anything at all to do with the way our network is configured or does this have to be a PAN configuration issue?

GCSS-RT · ‎03-21-2019

Hello all, I've read multiple documents from PA and read some on the forums here, but cannot find anything definitive on this. What I'm trying to find out is what is the best practice/most effective way to configure a Security Policy for filtering. I understand there are several ways to do this, but I've found that the way I've been doing it doesn't always seem to work the best. Are there any issues with the following config? Create a Security Policy and set the Action to Allow. Set a URL Filtering Profile. Create a Custom URL Category for Allowed URLs. Create a Custom URL Category for Denied URLs. Apply these Custom URL Categories inside the URL Filtering Profile. Set other categories to Deny within the URL Filtering Profile. If I were to set the Action for a Security Policy to Deny, does that Deny all traffic that matches? Any advice will be very helpful. Thanks.

GCSS-RT · ‎02-26-2019

Here's the CLI output for this security policy. Let me know what else I can supply that might help. set rulebase security rules "EES Network" from trust set rulebase security rules "EES Network" to untrust set rulebase security rules "EES Network" source Network_EES set rulebase security rules "EES Network" destination any set rulebase security rules "EES Network" service any set rulebase security rules "EES Network" application any set rulebase security rules "EES Network" action allow set rulebase security rules "EES Network" log-end yes set rulebase security rules "EES Network" source-user any set rulebase security rules "EES Network" category any set rulebase security rules "EES Network" hip-profiles any set rulebase security rules "EES Network" disabled no set rulebase security rules "EES Network" log-start yes set rulebase security rules "EES Network" profile-setting profiles url-filtering EESNetwork-Filtering-Profile set rulebase security rules "EES Network" profile-setting profiles virus ANTIVIRUS set rulebase security rules "EES Network" profile-setting profiles spyware SPYWARE set rulebase security rules "EES Network" profile-setting profiles vulnerability VULNERABILITY

GCSS-RT · ‎02-26-2019

Reset the zone settings to any/default?

GCSS-RT · ‎02-26-2019

I think I'm following what you guys are saying. The only settings I have in the policy are as follows: Source Tab: trust source zone IP range as source address Destination Tab: untrust destination zone Actions Tab: Allow action appropriate profiles applied under the Profile Settings section everything else is set to "any" or the default setting. Does this info help?

GCSS-RT · ‎02-25-2019

Hello everyone, I'm hoping someone can help me understand why a security policy is not applying the way I thought it should. Here's what I have: I have each of our schools configured on different DHCP scopes. I then created an Address Object using slash notation for each of those DHCP scopes on the PAN. I then created a security policy per address object (per school building) and added the slash-notated address object as the source address. The question I have is this...shouldn't this security policy apply to EVERY device that grabs an IP address from within the slash-notated network I created and designated as the source address in the security policy no matter if there is a username associated to the device or not?

GCSS-RT · ‎02-21-2019

Got it. I'll check to verify the differences and move on from there. I appreciate the help.

GCSS-RT · ‎02-21-2019

Understood. I do allow web-browsing and ssl already. I was just wondering since the warnings come up when I commit if I don't add those dependencies to that allow rule. I assume I can just ignore those warnings?

GCSS-RT · ‎02-21-2019

Perfect! Thank you. So, if the dependencies are "web-browsing" and "ssl" and I allow those in that policy...those allowances will not affect other policies already in place, right?

GCSS-RT · ‎02-21-2019

Hello everyone, I searched this topic before posting and couldn't find an exact answer so I'm asking the question here. I have blocked a specific category that includes multiple appplications. I now need to allow one of those applications, but keep the category blocked as it is. Do I just create a new policy just about the blocked category policy and allow the application? If so, do I also need to allow the dependencies it warns me about? Thank you for any advice that you can share.

Date Registered	‎01-09-2018 08:10 AM
Date Last Visited	‎05-15-2020 02:48 PM
Total Messages Posted	15
Total Likes Received	1

Online Status	Offline
Date Last Visited	‎05-15-2020 02:48 PM

About GCSS-RT

Re: Alert When Accessing Application

Re: Alert When Accessing Application

Alert When Accessing Application

Re: Rules Not Applying Appropriately

Re: Rules Not Applying Appropriately

Re: Allow application from a blocked category

Re: Alert When Accessing Application

Re: Alert When Accessing Application

Alert When Accessing Application

Re: Rules Not Applying Appropriately

Re: Rules Not Applying Appropriately

Rules Not Applying Appropriately

Security Policy Best Practice

Re: Security Policy Application

Re: Security Policy Application

Re: Security Policy Application

Security Policy Application

Re: Allow application from a blocked category

Re: Allow application from a blocked category

Re: Allow application from a blocked category

Allow application from a blocked category

Network Security

Cloud Security

Security Operations

About GCSS-RT