About karimanizer

karimanizer · ‎12-29-2019

Hi @BPry @SteveCantwell , I recently discover that CheckPoint firewalls solve this problem by redirecting the client to another page instead of responding to the initial GET request with a blocking page. Hope that Palo will introduce this feature in later release 🙂 many thanks, karim

karimanizer · ‎12-08-2019

Hi @BPry , | With 9.0 a change was made so that it simply resets the connection instead ... Thanks for the clarification ! The article you are referencing seems to say that the firewall always sends the "Continue" page and it was the browser that sometimes, due to mime-type mismatch, does not display the page. Which is not exactly true. So I thought I had something wrong in my config. Many thanks for both of you, Karim

karimanizer · ‎12-07-2019

Hi SteveCantwell, Thanks for your reply , I tried to dig deeper in this and wanted to see if the firewall was actually sending the continue page on the wire. I took a pcap on the client side and decrypted the traffic and I do not see the continue page sent on the wire. I see only the reset sent by the firewall. I then performed the test via HTTP (without changing the paloalto configuration) and here I see the correct 503 response from the firewall. Does anyone know why the response page is not sent by the firewall when using TLS connection ? Many thanks, Karim

karimanizer · ‎12-05-2019

Hello everyone, I have a PA-VM in version 9.0 .1 , I have setup a File-blocking profile and attached it to my allow-all security policy. The File-Blocking profile has the action of "Continue" for ".exe" file type. In the other hand, I configured a decryption policy. My problem is that when I try to download an .exe file via HTTP I get the "Continue" response page . However when I try to download the same file via HTTPS the download is blocked and no response page is display. I would like to know why the response page is not displayed when the file is downloaded via a TLS connection. many thanks, karim

karimanizer · ‎11-19-2019

Hi team, While reviewing the EDU 210 book v8.0 page 21 we can read: Revert Changes : revert changes to previous saved configuration However from the help icon in the firewall dashboard, Reverting changes restores the settings to the values of the running configuration. I performed some tests and came to the conclusion that the Revert Changes actually restores the settings to the values of the Running Configuration. Just want to ensure with you guys that I got this correctly and I am not missing something. Many thanks for your help , Karim

karimanizer · ‎03-04-2019

Many thanks!

karimanizer · ‎02-25-2019

Hi @reaper , Thanks for your reply, | It is inefficient to first establish a session that requires a client certificate, to then restart a new session that doesn't require a client certificate This is not what I was expecting to happen. For me client certificate authentication is a relyable authenticate method by itself, and the firewall does not need to ask the user to enter its username/password to validate its identity. The senario I was expecting looks like this: if { client_certificate auth is sucessful } get the username from the certificat and map it to its IP adress. else prompt the user to enter username/password. Is it because the firewall sees it as a different authentication factor "something the user have" ? instead of the username/password which are "something the user know"? many thanks,

karimanizer · ‎02-25-2019

anyone ? 😞

karimanizer · ‎02-23-2019

Hello team, To identify my users, I have used Captive Portal with ldap authentication profile. Then I removed the ldap from the captive protal config and added a "Certificate profile", and it works well as well. However, when I assign both an ldap profile AND a certificate profile to my captive portal configuration (Device> User Identification> Captive Portal settings), the paloalto first ask me to provide a client certificat then it allways prompt me for username/ password .... which is not something I want. My question is the following, is there a way to configure to paloalto so that if the client certificate authentication succeed then it doesn't prompt us for username/password. And if the client certificat authentication fails then it does prompt us for username password. I'm in lab environment and I can show my config, Many thanks for your help karim benyelloul

Date Registered	‎08-03-2018 05:24 AM
Date Last Visited	‎12-29-2019 02:35 PM
Total Messages Posted	16
Total Likes Received	2

Online Status	Offline
Date Last Visited	‎12-29-2019 02:35 PM

About karimanizer

Re: File Blocking Continue Page in a TLS connection

Re: File Blocking Continue Page in a TLS connection

Re: File Blocking Continue Page in a TLS connection

File Blocking Continue Page in a TLS connection

The real meaning of "Config>Revert Changes"

Re: File Blocking Continue Page in a TLS connection

File Blocking Continue Page in a TLS connection

Re: File Blocking Continue Page in a TLS connection

Re: File Blocking Continue Page in a TLS connection

Re: The real meaning of "Config>Revert Changes"

Re: Captive portal auth with Client Certificate as first auth method and local auth as fallback

Re: Captive portal auth with Client Certificate as first auth method and local auth as fallback

Re: File Blocking Continue Page in a TLS connection

Re: File Blocking Continue Page in a TLS connection

Re: File Blocking Continue Page in a TLS connection

File Blocking Continue Page in a TLS connection

The real meaning of "Config>Revert Changes"

Re: Captive portal auth with Client Certificate as first auth method and local auth as fallback

Re: Captive portal auth with Client Certificate as first auth method and local auth as fallback

Re: Captive portal auth with Client Certificate as first auth method and local auth as fallback

Captive portal auth with Client Certificate as first auth method and local auth as fallback

Network Security

Cloud Security

Security Operations

About karimanizer