PaloAlto Captive Portal XSS Attack

PaloAlto has issued a patch for a XSS attack on the captive portal that I disclosed a few months back. The official advisory can be found here: https://securityadvisories.paloaltonetworks.com/Home/Detail/66 (Detail taken from https://securityadvisories.paloaltonetworks.com/) The attack has been given a CVSS score of 6.1: (Screenshot taken from IBM X-Force: https://exchange.xforce.ibmcloud.com/vulnerabilities/118524) Below follows the original report submitted to PaloAlto … Continue reading PaloAlto Captive Portal XSS Attack

Advertisements

Palo Alto Networks : Firewall Loopback interfaces

In a dual-homed network infrastructure, loopback interfaces are a very valuable configuration option on Palo Alto firewalls. Cisco folk may be more familiar with the use of loopback interfaces, so this article gives a very quick look at some of the uses of a loopback interface in a Palo Alto firewall deployment. The most usedul … Continue reading Palo Alto Networks : Firewall Loopback interfaces

Lessons learned : Global Protect + User ID w/ Palo Alto Networks firewall

Scenario : A palo alto firewall has been successfully setup to use global protect, along with LDAP authentication. Also, USER-ID has been setup internally,with firewall policies written to include username / groups. This allows the firewall administrator to deploy consistent firewall policies to both internal and VPN users, based on active directory groups Problem: After a … Continue reading Lessons learned : Global Protect + User ID w/ Palo Alto Networks firewall

Nugget Post : Quick USER ID tip for palo alto admins

Quick Tip... You're a Palo Alto firewall administrator, and you've setup USER ID to identify all your users and write user-based firewall policies. Problem: some users have linux laptops and do not login to the domain, others are windows users that the USER ID system simply does not pick up. Solution: 1. Create a read … Continue reading Nugget Post : Quick USER ID tip for palo alto admins

Palo Alto Networks : Implementing Conditional Advertising in BGP

Palo Alto networks have an interesting feature in their BGP module called "Conditional Adv" - this is found in the Network > Virtual Routers > default > BGP > Conditional Adv tab of the GUI. There are no concrete examples in their KB of how to implement this, so here is a rundown of why and … Continue reading Palo Alto Networks : Implementing Conditional Advertising in BGP

Connecting to a Palo Alto Network GlobalProtect Gateway from Linux

Please note: this software has only been officially tested on Ubuntu and CentOS distributions. The VPN software uses community based vpnc software, please direct support questions about the actual client to your distribution's support channels. The following documentation is based on Ubuntu 12.04 LTS - Install the following packages on your system: * network-manager-vpnc * … Continue reading Connecting to a Palo Alto Network GlobalProtect Gateway from Linux

Palo Alto Networks: Ignite 2012 User Conference Notes

Following are several links to articles containing my notes taken during the Palo Alto Networks Ignite User Conference 2012 PaloAlto Ignite 2012 notes: IPv6 Security PaloAlto Ignite 2012 notes: USER-ID PaloAlto Ignite 2012 notes: App-ID Nugget Post: Study Material Links for Palo Alto CNSE exam PS a couple more photos here