Comments
-
First time I've seen that reference TBH (not sure how that's possible, been a SW guy for a really, really long time). Great stuff. Thanks again!
-
@Nat, thanks for the details. We use TLSI everywhere we can convince folks to do it! I just wasn't sure of the proper way to create the match object. Much appreciated!
-
If I'm not mistaken, this option essentially tells the device to not even load the "low" level threat database. It's the largest of the threat db's and as such, you save a ton of resources on the device. Since most people don't detect/block on low-level threats, it can provide you with a much better-performing box when you…
-
Are you losing link on the interface or just logically losing your connection? Do you have polling set up on FOLB and/or have you looked through the logs for drops? If you poll via FOLB, you should see an indicator of when it goes down as well as whether one or both of your targets become unreachable. Set a target to your…
-
Great tool @Larry! Thanks for sharing that. Still trying to figure out how to build an appropriate match object to detect and reset/drop if this is seen. Not sure if I'm looking to do a partial match on HTTP Requestor Custom Header or some other object type. If anyone knows, please share. I feel like this would be a good…
-
Thanks all. Saw the advisories. More interested in the protections for customer environments via detections/mitigations via App Control, IDS/IPS, etc. In the interim, was hoping to see if anyone was able to build their own mitigations based on the Palo Alto example and confirm that it works?