This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About Ilya_Kuranov
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About Ilya_Kuranov
10-23-2020
7Posts
1Like
0Solutions
Oct 23, 2020Last Visited
User
Activity
User
Profile
Latest posts by Ilya_Kuranov
| Subject | Views | Posted |
|---|---|---|
| 6368 | 07-23-2020 05:29 AM | |
| 8245 | 05-12-2020 03:51 AM | |
| 10534 | 02-26-2020 03:13 AM | |
| 10477 | 02-26-2020 02:58 AM | |
| 6900 | 04-18-2019 01:27 AM | |
| 5498 | 08-14-2018 12:44 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 08-14-2018 12:44 AM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 2 Likes | |||
| 3 Likes | |||
| 1 Like | |||
| 2 Likes | |||
| 3 Likes |
User Badges
Community Statistics
| Member Since | 07-05-2018 05:37 AM |
| Date Last Visited | 10-23-2020 07:34 AM |
| Posts | 7 |
| Total Likes Received | 1 |
07-23-2020
05:29 AM
I also have the same problem, but only on Panorama (9.0.9). I can import the same certificate on NGFW. Did anyone open a case?
... View more
05-12-2020
03:51 AM
Hi! Actually I think @Nehmaan provided a better solution to this problem. You should try it. I use it myself.
... View more
02-26-2020
03:13 AM
Looks cool! But I think 6 should be after 3. Because you use the security rule name in the filter in Log Forwarding settings
... View more
02-26-2020
02:58 AM
Hello, guys! I met this issue and found out the root cause. Many of you know that desktop applications often check certificate. Anydesk does it. So we need to exclude it from SSL decryption, but here is the trick: *.anydesk.com works only for Anydesk website (NGFW detects web-browsing application, see that URL match *.anydesk and exclude the session from decryption), but it doesn't work for the desktop application and here is why: I made a little investigation and found out that the application makes DNS query for random URL, generated upon installation. (Guess it called DGA, but correct me if I wrong) Here is an example: Then it establishes TCP session to IP, that was previously taken from DNS Query and that's all: So our exclusion rules will not work for IP. Solution: 1. Go to Monitor>Traffic and filter logs by application "Anydesk". 2. Export logs to CSV and open it in Excel 3. Find Destination IP column, select all items and delete duplicates 4. Copy this list to *.txt file and create EDL. 5. Use this EDL in No-Decrypt policy 6. PROFIT! You also can go further. According to WHOIS service - backend IP addresses are located in different DCs all over the world. You can take IPs you found in logs and find the whole IP ranges in WHOIS info and use these ranges in EDL. But it doesn't seem safe to me, because many of those IPs in IP range can be used by other applications, not Anydesk, so this is a potential risk.
... View more
04-18-2019
01:27 AM
Hello, @s_quasar if your problem is still actual - try to check this thread: https://live.paloaltonetworks.com/t5/General-Topics/Decrypt-error-with-Inbound-Decryption-DHE-or-ECDHE-on-8-1-3/td-p/248768/page/2 Maybe your problem is related to it
... View more
08-14-2018
12:44 AM
1 Kudo
I met the same issue, but found a problem in Network > Global Protect > Portals > GlobalProtect Portal Configuration > Agent > TrustedRoot CA. There was a certificate, whos CN duplicated the other one. But that certificate wasn't in the Certificates list in Certificates management. Hope it will help somebody.
... View more
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks