About nickcx1

Hi All, PANOS 4.1.14 - PA3020 PA on-box help doesn't give me the answer, so thought I'd ask here. Could someone explain what these settings are exactly. I have an idea but wanted to confirm it. Thanks, Nickcx ... View more

Hi All, PanOSS 5.0.10 The following site (amongst others) hosts a malicious file that I want to block: Download Genieo. The file is a .dmg and I want it blocked to my Mac user estate. Rather than block the URL I thought I would give Custom Signatures > Vulnerability a go. I am following the document Creating_Custom_Signatures-RevA (page 43). File name is InstallGenieo.dmg with Hex of 0000000: 789c 730d 6262 6060 883f cf30 0a46 2400  x.s.bb``.?.0.F$. 0000010: 0087 f401 c878 9ced d43b 0ac2 4010 06e0  .....x...;..@... 0000020: 8885 d7f0 0e1e 20da 888d 10f0 004b c020  ...... ......K. 0000030: 8baf I have created a custom vulnerability Configuration like so: and Standard Signature, And Condition (Transaction) like so: Once pushed from Panorama to my devices I don't see it in the logs as Alerting. I'm sure I'm missing something but being my first attempt, I'm not sure where. Should I add it to the Vulnerability Protection under Security Profiles or something..? Or am I doing this incorrectly in the first place...?:) Any hints would be great, Thanks ... View more

PA2020 4.1.14, 500 users. Recently we have added ~100 more users to our PA2020 and are seeing huge slow-downs for internet. Session stats show our device has a high packet rate and through put. We have been advised that~20,000 packet rate / 120 mb throughput are the limits and anything encroaching 80% of the limit will result in a slow down. Device is up          : 1 day 14 hours 3 mins 38 sec Packet rate           : 34580/s Throughput            : 115023 Kbps Total active sessions : 8801 Active TCP sessions   : 8644 Active UDP sessions   : 33 Active ICMP sessions  : 0 Any suggestions on how to further troubleshoot whether a specific user/rule is responsible or - grabs straws - ANYTHING else I can work through? ... View more

Hi, I want to put together a policy to manage our user's access to online storage. We would like to restrict access to all but a few storage companies (DropBox, Hightail) and wondered how others manage such a task. Also, I'd like to accurately pull a report on the applications that fall under this umbrella. The difficulty I see is that not all of them come under storage-backup with file-sharing and internet-utility being two others. Thanks in advance, ... View more

Hi, Panorama and PA2020s on 4.1.14. Recent Qualys scans on the management ports have pulled up the following. I have read other posts on some of these issues but wanted to hear the forum's thoughts. SSLv3.0/TLSv1.0 Protocol Weak CBC Mode Vulnerability – Don't believe I can do anything to mitigate this as PanOS does not allow you choose which ciphers should be allowed. However, I could limit the access via HTTPS (and SSH) to the certain subnets or IP range. Would this be enough? OpenSSH J-PAKE Session Key Retrieval Vulnerability - OpenSSH JPAKE is not enabled in the PanOS implementation of SSH, so can I ignore this? OpenSSH Commands Information Disclosure Vulnerability – Not possible to upgrade OpenSSH. Again, there is no option to upgrade the OpenSSH version within PanOS. Lock down to IP range instead? OpenSSH LoginGraceTime Denial of Service Vulnerability – Not possible to upgrade OpenSSH. Again, there is no option to upgrade the OpenSSH version within PanOS. Lock down to IP range instead? Would moving to 5.x be the only choice, and would it cure the above vulnerabilities? Thanks all. ... View more

Hi, PanOS 4.1.14. Is it possible to report on user agent connecting via my 2020? To be able to report on Firefox, Chrome or IE versions for example would be useful . Further still..(and I doubt this..) to instigate a policy based on a user agent? Thanks all Nick ... View more