This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

About fhewiufhwefhwe

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
fhewiufhwefhwe
‎06-15-2022
since ‎07-16-2018
L4 Transporter
User Activity
User Profile
User Badges
Community Statistics
Member Since ‎07-16-2018 07:13 AM
Date Last Visited ‎06-15-2022 10:53 AM
Posts 104
Total Likes Received 7

Re: BPA Tool False Positives In Shared Versus Vsys1

by in Best Practice Assessment Discussions
‎12-10-2021 12:54 PM
1 Kudo
‎12-10-2021 12:54 PM
1 Kudo
No, I couldn't get any response whatsoever. ... View more

Re: How to Block Community Member

by in General Topics
‎10-18-2021 08:18 AM
‎10-18-2021 08:18 AM
thank you ... View more

How to Block Community Member

by in General Topics
‎10-18-2021 07:36 AM
‎10-18-2021 07:36 AM
How can I block community member repeatedly posting questions on https://live.paloaltonetworks.com/t5/customer-resources/support-pan-os-software-release-guidance/tac-p/441609#M523? ... View more

Re: Zone Heat Map Showing 0% DNS Sinkhole Adoption Between Two Zones

by in Best Practice Assessment Discussions
‎09-08-2021 08:05 AM
‎09-08-2021 08:05 AM
Still having the same issue.  If I go to Adoption Heatmap -> Tags, it's blocklists and denies that show up with 0% DNS Sinkhole adoption.  There are some other policies with 57-86% adoption rate, and every single policy has the same anti-spyware policy.     ... View more

Re: Zone Heat Map Showing 0% DNS Sinkhole Adoption Between Two Zones

by in Best Practice Assessment Discussions
‎09-08-2021 07:03 AM
‎09-08-2021 07:03 AM
I have Sinkhole as the 3rd rule.  I will try making destination zone any from untrust.  I manually listed every zone for source zone, because it caused a false positive on zone protection adoption rate if you use any on any security policy rule.   Anti-spyware already is using sinkole and single-packet capture or extended-capture for listed options on DNS security           ... View more

Re: Zone Protection Any to Any and Any to Untrust

by in Best Practice Assessment Discussions
‎08-27-2021 06:20 PM
‎08-27-2021 06:20 PM
It's impossible to get 100%.  I figured out the bug, and it is impossible to get 100%.  You have to change every single Source Zone that is Any replacing it will each zone.  Once you do that, intrazone-default and interzone-default still show up with Zone Protection Profile not enabled. ... View more

Re: Is possible to get 100% Zone Protection Adoption?

by in Best Practice Assessment Discussions
‎08-27-2021 06:19 PM
‎08-27-2021 06:19 PM
It's impossible to get 100%.  I figured out the bug, and it is impossible to get 100%.  You have to change every single Source Zone that is Any replacing it will each zone.  Once you do that, intrazone-default and interzone-default still show up with Zone Protection Profile not enabled. ... View more

Re: Is possible to get 100% Zone Protection Adoption?

by in Best Practice Assessment Discussions
‎08-27-2021 04:50 PM
‎08-27-2021 04:50 PM
Funnily enough, I think I traced half of the exceptions to rules created to satisfy the Best Practice Assessment  (based on PA's documentation) such as Sinkhole, Drop Inbound PANW Malicious IP, Drop Outbound PANW Malicious IP, BPA SSH Proxy, etc.   ... View more

Re: Is possible to get 100% Zone Protection Adoption?

by in Best Practice Assessment Discussions
‎08-27-2021 04:13 PM
‎08-27-2021 04:13 PM
I've had the same issue for a long time, and just created a post for a similar issue.  The BPA tool may be given a false positive for Source Zone Any to Destination Zone Any and Untrust.  Feels like a software bug.  I have several similar issues I am trying to resolve. ... View more

Zone Heat Map Showing 0% DNS Sinkhole Adoption Between Two Zones

by in Best Practice Assessment Discussions
‎08-27-2021 04:08 PM
‎08-27-2021 04:08 PM
Every single security policy is using the same anti-virus and anti-spyware profile, but the zone heat map is showing 0% DNS Sinkhole adoption for some rules.   There are three Source/Destination Zone pairs where it is showing 0% URL Filtering (because I have rules from specific ipaddresses to specific known FQDNs that should not be blocked by url filtering).  Rather than create separate Url Filtering policy for each rule, I am choosing a url filtering profile that only blocked malicious/phishing/etc. sites.   Any way to resolve?  This seems like a false positive particularly for DNS sinkhole adoption rate. ... View more

Zone Protection Any to Any and Any to Untrust

by in Best Practice Assessment Discussions
‎08-27-2021 03:46 PM
‎08-27-2021 03:46 PM
I am trying to figure out why me zone protection adoption rate is 96% The Zone Adoption Heat Map shows 0% adoption for Any to Any and Any to Untrust How do I resolve these issues? ... View more

Re: Adoption rate for DNS security showing 0% in BPA tool

by in Best Practice Assessment Discussions
‎08-27-2021 03:00 PM
‎08-27-2021 03:00 PM
I've been stuck at 77% post-upgrade.  If I go to Anti-Spyware -> DNS Policies -> I have sinkhole for every source listed.  Under signature policies, I have reset-both with single-packet capture for medium severity to critical severity and default for informational and low severity.  Are you using different settings? ... View more

Re: Office 365 Deployment

by in Best Practice Assessment Discussions
‎08-27-2021 02:52 PM
‎08-27-2021 02:52 PM
lock office365 down to your domain in url filtering ... View more

BPA Tool False Positives In Shared Versus Vsys1

by in Best Practice Assessment Discussions
‎08-17-2021 05:29 PM
‎08-17-2021 05:29 PM
  Anyone found a solution to get the following false positive not to display?   Following all appear enabled, but still show up as failed Interzone Deny Rule With Logging Intrazone Deny Rule with Logging New Apps with Application Filter Inbound Malicious IP Address Feed Outbound Malicious IP Address Feed HIP Profiles Used In Rule Base --- already used security policies where source = vpn   Quic App Deny - I have an exception for traffic from Cisco Umbrella forwarders SSH Proxy / SSH Tunnel - I have a rule configured, but first must allow specific SSH connections   Looking at the Best Practices Assessment pdf file -> Policies, it looks like Device Group(s) vsys1 is passing most of these, but Device Group(s) shared is failing.  I only have a single firewall.  Any idea how to fix these?  I do want to get these fixed up to show the report during an upcoming meeting, and explain where we have compensating controls, not that the report may be incorrect...         ... View more

Re: Decryption Log Forwarding

by in General Topics
‎08-04-2021 11:30 AM
‎08-04-2021 11:30 AM
Thanks BPry for confirming that.  I keep notices *.stretchoid.com traffic probing my VPN.  Forwarding the decrypt errors are one way to review that to potentially add their ipaddresses to a blocklist.  I also have had an issue twice where the firewall rejected valid certificates until a reboot.  I want to be alerted about that as well particularly if the upgrade to 10.0.6 did not solve that issue.  It's too early for me to definitively tell because I had that issue every couple of months, and recently upgraded. ... View more
Register or Sign-in
Contact Me
Online Status
Offline
Date Last Visited
‎06-15-2022 10:53 AM
Latest Tags
No tags yet
LEGAL NOTICES
RESOURCES
Copyright 2007 - 2022 - Palo Alto Networks