netsecvulns

Palo Alto 7.0.3 Evader running config

Dec 6th, 2015
  1.  
  2. admin@PA-VM> show config running
  3.  
  4. config {
  5. mgt-config {
  6. users {
  7. admin {
  8. phash <OBSCURED>;
  9. permissions {
  10. role-based {
  11. superuser yes;
  12. }
  13. }
  14. }
  15. adminread {
  16. permissions {
  17. role-based {
  18. superreader yes;
  19. }
  20. }
  21. phash <OBSCURED>;
  22. }
  23. custom_user {
  24. permissions {
  25. role-based {
  26. deviceadmin;
  27. }
  28. }
  29. phash <OBSCURED>;
  30. }
  31. new {
  32. permissions {
  33. role-based {
  34. superuser yes;
  35. }
  36. }
  37. phash <OBSCURED>;
  38. }
  39. }
  40. }
  41. shared {
  42. ssl-decrypt {
  43. ssl-exclude-cert;
  44. trusted-root-CA;
  45. forward-trust-certificate mycert;
  46. forward-untrust-certificate mycertu;
  47. }
  48. application;
  49. application-group;
  50. service;
  51. service-group;
  52. botnet {
  53. configuration {
  54. http {
  55. dynamic-dns {
  56. enabled yes;
  57. threshold 5;
  58. }
  59. malware-sites {
  60. enabled yes;
  61. threshold 5;
  62. }
  63. recent-domains {
  64. enabled yes;
  65. threshold 5;
  66. }
  67. ip-domains {
  68. enabled yes;
  69. threshold 10;
  70. }
  71. executables-from-unknown-sites {
  72. enabled yes;
  73. threshold 5;
  74. }
  75. }
  76. other-applications {
  77. irc yes;
  78. }
  79. unknown-applications {
  80. unknown-tcp {
  81. destinations-per-hour 10;
  82. sessions-per-hour 10;
  83. session-length {
  84. maximum-bytes 100;
  85. minimum-bytes 50;
  86. }
  87. }
  88. unknown-udp {
  89. destinations-per-hour 10;
  90. sessions-per-hour 10;
  91. session-length {
  92. maximum-bytes 100;
  93. minimum-bytes 50;
  94. }
  95. }
  96. }
  97. }
  98. report {
  99. topn 100;
  100. scheduled yes;
  101. }
  102. }
  103. profiles {
  104. decryption;
  105. }
  106. admin-role {
  107. fff {
  108. role {
  109. device {
  110. webui {
  111. dashboard enable;
  112. acc enable;
  113. monitor {
  114. logs {
  115. traffic enable;
  116. threat enable;
  117. url enable;
  118. wildfire enable;
  119. data-filtering enable;
  120. hipmatch enable;
  121. configuration enable;
  122. system enable;
  123. alarm enable;
  124. }
  125. packet-capture enable;
  126. app-scope enable;
  127. session-browser enable;
  128. botnet enable;
  129. pdf-reports {
  130. manage-pdf-summary enable;
  131. pdf-summary-reports enable;
  132. user-activity-report enable;
  133. report-groups enable;
  134. email-scheduler enable;
  135. }
  136. custom-reports {
  137. application-statistics enable;
  138. data-filtering-log enable;
  139. threat-log enable;
  140. threat-summary enable;
  141. traffic-log enable;
  142. traffic-summary enable;
  143. url-log enable;
  144. url-summary enable;
  145. hipmatch enable;
  146. wildfire-log enable;
  147. }
  148. view-custom-reports enable;
  149. application-reports enable;
  150. threat-reports enable;
  151. url-filtering-reports enable;
  152. traffic-reports enable;
  153. }
  154. policies {
  155. security-rulebase enable;
  156. nat-rulebase enable;
  157. qos-rulebase enable;
  158. pbf-rulebase enable;
  159. ssl-decryption-rulebase enable;
  160. application-override-rulebase enable;
  161. captive-portal-rulebase enable;
  162. dos-rulebase enable;
  163. }
  164. objects {
  165. addresses enable;
  166. address-groups enable;
  167. regions enable;
  168. applications enable;
  169. application-groups enable;
  170. application-filters enable;
  171. services enable;
  172. service-groups enable;
  173. tags enable;
  174. global-protect {
  175. hip-objects enable;
  176. hip-profiles enable;
  177. }
  178. dynamic-block-lists enable;
  179. custom-objects {
  180. data-patterns enable;
  181. spyware enable;
  182. vulnerability enable;
  183. url-category enable;
  184. }
  185. security-profiles {
  186. antivirus enable;
  187. anti-spyware enable;
  188. vulnerability-protection enable;
  189. url-filtering enable;
  190. file-blocking enable;
  191. wildfire-analysis enable;
  192. data-filtering enable;
  193. dos-protection enable;
  194. }
  195. security-profile-groups enable;
  196. log-forwarding enable;
  197. decryption-profile enable;
  198. schedules enable;
  199. }
  200. network {
  201. interfaces enable;
  202. zones enable;
  203. vlans enable;
  204. virtual-wires enable;
  205. virtual-routers enable;
  206. ipsec-tunnels enable;
  207. dhcp enable;
  208. dns-proxy enable;
  209. global-protect {
  210. portals enable;
  211. gateways enable;
  212. mdm enable;
  213. }
  214. qos enable;
  215. lldp enable;
  216. network-profiles {
  217. gp-app-ipsec-crypto enable;
  218. ike-gateways enable;
  219. ipsec-crypto enable;
  220. ike-crypto enable;
  221. tunnel-monitor enable;
  222. interface-mgmt enable;
  223. zone-protection enable;
  224. qos-profile enable;
  225. lldp-profile enable;
  226. }
  227. }
  228. device {
  229. setup {
  230. management enable;
  231. operations enable;
  232. services enable;
  233. content-id enable;
  234. wildfire enable;
  235. session enable;
  236. hsm enable;
  237. }
  238. high-availability enable;
  239. config-audit enable;
  240. administrators read-only;
  241. admin-roles read-only;
  242. authentication-profile enable;
  243. authentication-sequence enable;
  244. user-identification enable;
  245. vm-info-source enable;
  246. certificate-management {
  247. certificates enable;
  248. certificate-profile enable;
  249. ocsp-responder enable;
  250. ssl-tls-service-profile enable;
  251. }
  252. block-pages enable;
  253. log-settings {
  254. system enable;
  255. config enable;
  256. hipmatch enable;
  257. cc-alarm enable;
  258. manage-log enable;
  259. }
  260. server-profile {
  261. snmp-trap enable;
  262. syslog enable;
  263. email enable;
  264. netflow enable;
  265. radius enable;
  266. tacplus enable;
  267. ldap enable;
  268. kerberos enable;
  269. }
  270. local-user-database {
  271. users enable;
  272. user-groups enable;
  273. }
  274. scheduled-log-export enable;
  275. software enable;
  276. global-protect-client enable;
  277. dynamic-updates enable;
  278. licenses enable;
  279. support enable;
  280. master-key enable;
  281. }
  282. privacy {
  283. show-full-ip-addresses enable;
  284. show-user-names-in-logs-and-reports enable;
  285. view-pcap-files enable;
  286. }
  287. validate enable;
  288. commit enable;
  289. global {
  290. system-alarms enable;
  291. }
  292. }
  293. xmlapi {
  294. config enable;
  295. commit enable;
  296. }
  297. }
  298. }
  299. }
  300. }
  301. local-user-database {
  302. user {
  303. johndoe {
  304. phash $1$xdqckbbn$gAn.Yba1EpbgsAppFay/u/;
  305. }
  306. }
  307. user-group {
  308. read_only;
  309. }
  310. }
  311. authentication-profile {
  312. custom_user_auth_profile {
  313. method {
  314. local-database;
  315. }
  316. allow-list all;
  317. username-modifier None;
  318. }
  319. Local {
  320. method {
  321. local-database;
  322. }
  323. allow-list all;
  324. lockout {
  325. failed-attempts 10;
  326. lockout-time 0;
  327. }
  328. }
  329. }
  330. ssl-tls-service-profile {
  331. SSLProfile1 {
  332. protocol-settings {
  333. min-version tls1-0;
  334. max-version max;
  335. }
  336. certificate GlobalProtect;
  337. }
  338. SSLProfile2 {
  339. protocol-settings {
  340. min-version tls1-0;
  341. max-version max;
  342. }
  343. certificate GlobalProtect;
  344. }
  345. }
  346. certificate {
  347. <OBSCURED> }
  348. }
  349. certificate-profile {
  350. cert_profile {
  351. CA {
  352. GlobalProtect;
  353. }
  354. }
  355. }
  356. content-preview {
  357. application;
  358. application-type {
  359. category;
  360. technology;
  361. }
  362. }
  363. pdf-summary-report {
  364. aa {
  365. predefined-widget {
  366. top-attackers {
  367. chart-type table;
  368. column 1;
  369. row 1;
  370. }
  371. top-victims {
  372. chart-type table;
  373. column 1;
  374. row 2;
  375. }
  376. top-attackers-by-countries {
  377. chart-type table;
  378. column 1;
  379. row 3;
  380. }
  381. top-victims-by-countries {
  382. chart-type table;
  383. column 1;
  384. row 4;
  385. }
  386. top-attacks {
  387. chart-type table;
  388. column 1;
  389. row 5;
  390. }
  391. top-spyware-threats {
  392. chart-type table;
  393. column 1;
  394. row 6;
  395. }
  396. top-viruses {
  397. chart-type table;
  398. column 2;
  399. row 1;
  400. }
  401. top-vulnerabilities {
  402. chart-type table;
  403. column 2;
  404. row 2;
  405. }
  406. hruser-top-applications {
  407. chart-type table;
  408. column 2;
  409. row 3;
  410. }
  411. hruser-top-threats {
  412. chart-type table;
  413. column 2;
  414. row 4;
  415. }
  416. hruser-top-url-categories {
  417. chart-type table;
  418. column 2;
  419. row 5;
  420. }
  421. top-application-categories {
  422. chart-type pie;
  423. column 2;
  424. row 6;
  425. }
  426. top-technology-categories {
  427. chart-type pie;
  428. column 3;
  429. row 1;
  430. }
  431. top-applications {
  432. chart-type table;
  433. column 3;
  434. row 2;
  435. }
  436. top-http-applications {
  437. chart-type table;
  438. column 3;
  439. row 3;
  440. }
  441. top-denied-applications {
  442. chart-type table;
  443. column 3;
  444. row 4;
  445. }
  446. bandwidth-trend {
  447. chart-type bar;
  448. column 3;
  449. row 5;
  450. }
  451. risk-trend {
  452. chart-type line;
  453. column 3;
  454. row 6;
  455. }
  456. }
  457. }
  458. }
  459. }
  460. devices {
  461. localhost.localdomain {
  462. network {
  463. interface {
  464. ethernet {
  465. ethernet1/1 {
  466. link-speed auto;
  467. link-duplex auto;
  468. link-state up;
  469. layer3 {
  470. ipv6 {
  471. neighbor-discovery {
  472. router-advertisement {
  473. enable no;
  474. min-interval 200;
  475. max-interval 600;
  476. hop-limit 64;
  477. reachable-time unspecified;
  478. retransmission-timer unspecified;
  479. lifetime 1800;
  480. managed-flag no;
  481. other-flag no;
  482. enable-consistency-check no;
  483. link-mtu unspecified;
  484. }
  485. enable-dad no;
  486. reachable-time 30;
  487. ns-interval 1;
  488. dad-attempts 1;
  489. }
  490. enabled no;
  491. interface-id EUI-64;
  492. }
  493. ip {
  494. 10.62.90.3/24;
  495. }
  496. untagged-sub-interface no;
  497. interface-management-profile ALL_mng;
  498. }
  499. }
  500. ethernet1/2 {
  501. link-speed auto;
  502. link-duplex auto;
  503. link-state auto;
  504. layer3 {
  505. ipv6 {
  506. neighbor-discovery {
  507. router-advertisement {
  508. enable no;
  509. min-interval 200;
  510. max-interval 600;
  511. hop-limit 64;
  512. reachable-time unspecified;
  513. retransmission-timer unspecified;
  514. lifetime 1800;
  515. managed-flag no;
  516. other-flag no;
  517. enable-consistency-check no;
  518. link-mtu unspecified;
  519. }
  520. enable-dad no;
  521. reachable-time 30;
  522. ns-interval 1;
  523. dad-attempts 1;
  524. }
  525. enabled no;
  526. interface-id EUI-64;
  527. }
  528. untagged-sub-interface no;
  529. interface-management-profile ALL_mng;
  530. ip {
  531. 10.35.1.3/24;
  532. }
  533. }
  534. }
  535. ethernet1/3 {
  536. link-speed auto;
  537. link-duplex auto;
  538. link-state auto;
  539. tap;
  540. }
  541. ethernet1/4 {
  542. virtual-wire;
  543. }
  544. ethernet1/5 {
  545. virtual-wire;
  546. }
  547. }
  548. tunnel {
  549. units {
  550. tunnel.1;
  551. }
  552. }
  553. }
  554. virtual-wire {
  555. "virtual wire group" {
  556. interface1 ethernet1/4;
  557. interface2 ethernet1/5;
  558. }
  559. }
  560. profiles {
  561. monitor-profile {
  562. default {
  563. interval 3;
  564. threshold 5;
  565. action wait-recover;
  566. }
  567. }
  568. interface-management-profile {
  569. ALL_mng {
  570. http yes;
  571. https yes;
  572. http-ocsp yes;
  573. ssh yes;
  574. snmp yes;
  575. userid-service yes;
  576. ping yes;
  577. response-pages yes;
  578. telnet yes;
  579. }
  580. }
  581. zone-protection-profile {
  582. Block_Evasions {
  583. flood {
  584. tcp-syn {
  585. syn-cookies {
  586. alarm-rate 10000;
  587. activate-rate 0;
  588. maximal-rate 1000000;
  589. }
  590. enable no;
  591. }
  592. udp {
  593. red {
  594. alarm-rate 10000;
  595. activate-rate 10000;
  596. maximal-rate 40000;
  597. }
  598. enable no;
  599. }
  600. icmp {
  601. red {
  602. alarm-rate 10000;
  603. activate-rate 10000;
  604. maximal-rate 40000;
  605. }
  606. enable no;
  607. }
  608. other-ip {
  609. red {
  610. alarm-rate 10000;
  611. activate-rate 10000;
  612. maximal-rate 40000;
  613. }
  614. enable no;
  615. }
  616. icmpv6 {
  617. red {
  618. alarm-rate 10000;
  619. activate-rate 10000;
  620. maximal-rate 40000;
  621. }
  622. enable no;
  623. }
  624. }
  625. discard-overlapping-tcp-segment-mismatch yes;
  626. discard-timestamp yes;
  627. discard-malformed-option yes;
  628. }
  629. }
  630. }
  631. qos {
  632. profile {
  633. default {
  634. class {
  635. class1 {
  636. priority real-time;
  637. }
  638. class2 {
  639. priority high;
  640. }
  641. class3 {
  642. priority high;
  643. }
  644. class4 {
  645. priority medium;
  646. }
  647. class5 {
  648. priority medium;
  649. }
  650. class6 {
  651. priority low;
  652. }
  653. class7 {
  654. priority low;
  655. }
  656. class8 {
  657. priority low;
  658. }
  659. }
  660. }
  661. }
  662. }
  663. virtual-router {
  664. DGW {
  665. protocol {
  666. bgp {
  667. routing-options {
  668. med {
  669. always-compare-med no;
  670. deterministic-med-comparison yes;
  671. }
  672. aggregate {
  673. aggregate-med yes;
  674. }
  675. graceful-restart {
  676. enable yes;
  677. stale-route-time 120;
  678. local-restart-time 120;
  679. max-peer-restart-time 120;
  680. }
  681. as-format 2-byte;
  682. default-local-preference 100;
  683. }
  684. enable no;
  685. reject-default-route yes;
  686. allow-redist-default-route no;
  687. install-route no;
  688. }
  689. rip {
  690. reject-default-route yes;
  691. enable no;
  692. }
  693. ospf {
  694. timers {
  695. spf-calculation-delay 5;
  696. lsa-interval 5;
  697. }
  698. enable no;
  699. reject-default-route yes;
  700. allow-redist-default-route no;
  701. rfc1583 no;
  702. }
  703. }
  704. admin-dists {
  705. static 10;
  706. ospf-int 30;
  707. ospf-ext 110;
  708. ibgp 200;
  709. ebgp 20;
  710. rip 120;
  711. }
  712. interface [ ethernet1/1 ethernet1/2];
  713. multicast {
  714. enable no;
  715. }
  716. routing-table {
  717. ip {
  718. static-route {
  719. "default route" {
  720. nexthop {
  721. ip-address 10.62.90.1;
  722. }
  723. interface ethernet1/1;
  724. metric 10;
  725. destination 0.0.0.0/0;
  726. }
  727. evader_route {
  728. nexthop {
  729. ip-address 10.62.90.1;
  730. }
  731. interface ethernet1/1;
  732. metric 10;
  733. destination 10.62.90.90/32;
  734. }
  735. }
  736. }
  737. }
  738. ecmp {
  739. algorithm {
  740. ip-modulo;
  741. }
  742. }
  743. }
  744. }
  745. ike {
  746. crypto-profiles {
  747. ike-crypto-profiles {
  748. default {
  749. encryption [ aes-128-cbc 3des];
  750. hash sha1;
  751. dh-group group2;
  752. lifetime {
  753. hours 8;
  754. }
  755. }
  756. Suite-B-GCM-128 {
  757. encryption aes-128-cbc;
  758. hash sha256;
  759. dh-group group19;
  760. lifetime {
  761. hours 8;
  762. }
  763. }
  764. Suite-B-GCM-256 {
  765. encryption aes-256-cbc;
  766. hash sha384;
  767. dh-group group20;
  768. lifetime {
  769. hours 8;
  770. }
  771. }
  772. }
  773. ipsec-crypto-profiles {
  774. default {
  775. esp {
  776. encryption [ aes-128-cbc 3des];
  777. authentication sha1;
  778. }
  779. dh-group group2;
  780. lifetime {
  781. hours 1;
  782. }
  783. }
  784. Suite-B-GCM-128 {
  785. esp {
  786. encryption aes-128-gcm;
  787. authentication none;
  788. }
  789. dh-group group19;
  790. lifetime {
  791. hours 1;
  792. }
  793. }
  794. Suite-B-GCM-256 {
  795. esp {
  796. encryption aes-256-gcm;
  797. authentication none;
  798. }
  799. dh-group group20;
  800. lifetime {
  801. hours 1;
  802. }
  803. }
  804. }
  805. global-protect-app-crypto-profiles {
  806. default {
  807. encryption aes-128-cbc;
  808. authentication sha1;
  809. }
  810. }
  811. }
  812. gateway;
  813. }
  814. tunnel {
  815. ipsec;
  816. global-protect-gateway {
  817. GP-Gateway-N {
  818. local-address {
  819. interface ethernet1/2;
  820. ip 10.35.1.3/24;
  821. }
  822. ipsec {
  823. third-party-client {
  824. enable no;
  825. }
  826. }
  827. tunnel-interface tunnel.1;
  828. }
  829. }
  830. }
  831. }
  832. deviceconfig {
  833. system {
  834. ip-address 10.35.1.10;
  835. netmask 255.255.255.0;
  836. update-server updates.paloaltonetworks.com;
  837. update-schedule {
  838. threats {
  839. recurring {
  840. daily {
  841. at 00:00;
  842. action download-and-install;
  843. disable-new-content no;
  844. }
  845. }
  846. }
  847. wildfire {
  848. recurring {
  849. every-15-mins {
  850. at 1;
  851. action download-and-install;
  852. }
  853. }
  854. }
  855. anti-virus {
  856. recurring {
  857. hourly {
  858. at 0;
  859. action download-and-install;
  860. }
  861. }
  862. }
  863. global-protect-datafile {
  864. recurring {
  865. hourly {
  866. at 3;
  867. action download-and-install;
  868. }
  869. }
  870. }
  871. }
  872. timezone <OBSCURED>;
  873. service {
  874. disable-telnet yes;
  875. disable-http no;
  876. }
  877. snmp-setting {
  878. snmp-system;
  879. }
  880. hostname PA-VM;
  881. default-gateway 10.35.1.1;
  882. dns-setting {
  883. servers {
  884. primary 8.8.8.8;
  885. }
  886. }
  887. panorama-server 10.35.1.12;
  888. hsm-settings {
  889. provider {
  890. none;
  891. }
  892. }
  893. }
  894. setting {
  895. custom-logo {
  896. pdf-report-header {
  897. name logo_pan.gif;
  898. content
  899. <OBSCURED>;
  900. }
  901. }
  902. config {
  903. rematch yes;
  904. }
  905. application {
  906. notify-user yes;
  907. bypass-exceed-queue no;
  908. }
  909. tcp {
  910. urgent-data clear;
  911. bypass-exceed-oo-queue no;
  912. check-timestamp-option yes;
  913. drop-zero-flag yes;
  914. }
  915. ctd {
  916. tcp-bypass-exceed-queue no;
  917. udp-bypass-exceed-queue no;
  918. }
  919. wildfire {
  920. report-benign-file yes;
  921. report-grayware-file yes;
  922. }
  923. }
  924. }
  925. vsys {
  926. vsys1 {
  927. application {
  928. BlogPost {
  929. signature {
  930. BlogPost {
  931. and-condition {
  932. "And Condition 1" {
  933. or-condition {
  934. "Or Condition 1" {
  935. operator {
  936. pattern-match {
  937. pattern specifiedblog\.com;
  938. context http-req-host-header;
  939. }
  940. }
  941. }
  942. }
  943. }
  944. "And Condition 2" {
  945. or-condition {
  946. "Or Condition 1" {
  947. operator {
  948. pattern-match {
  949. pattern post_title;
  950. context http-req-host-header;
  951. }
  952. }
  953. }
  954. }
  955. }
  956. }
  957. scope protocol-data-unit;
  958. order-free no;
  959. }
  960. }
  961. subcategory web-posting;
  962. category collaboration;
  963. technology browser-based;
  964. description "Matches a post to a specified blog";
  965. risk 3;
  966. evasive-behavior no;
  967. consume-big-bandwidth no;
  968. used-by-malware yes;
  969. able-to-transfer-file yes;
  970. has-known-vulnerability no;
  971. tunnel-other-application no;
  972. tunnel-applications no;
  973. prone-to-misuse no;
  974. pervasive-use no;
  975. file-type-ident no;
  976. virus-ident no;
  977. data-ident no;
  978. }
  979. BlogPost2 {
  980. signature {
  981. BlogPost2 {
  982. and-condition {
  983. "And Condition 1" {
  984. or-condition {
  985. "Or Condition 1" {
  986. operator {
  987. pattern-match {
  988. pattern specifiedblog\.com;
  989. context http-req-params;
  990. }
  991. }
  992. }
  993. }
  994. }
  995. "And Condition 2" {
  996. or-condition {
  997. "Or Condition 1" {
  998. operator {
  999. pattern-match {
  1000. pattern post_author;
  1001. context http-req-params;
  1002. }
  1003. }
  1004. }
  1005. }
  1006. }
  1007. }
  1008. scope protocol-data-unit;
  1009. order-free no;
  1010. }
  1011. }
  1012. subcategory web-posting;
  1013. category collaboration;
  1014. technology browser-based;
  1015. risk 1;
  1016. evasive-behavior no;
  1017. consume-big-bandwidth no;
  1018. used-by-malware yes;
  1019. able-to-transfer-file no;
  1020. has-known-vulnerability no;
  1021. tunnel-other-application no;
  1022. tunnel-applications no;
  1023. prone-to-misuse no;
  1024. pervasive-use no;
  1025. file-type-ident no;
  1026. virus-ident no;
  1027. data-ident no;
  1028. }
  1029. hghgjh {
  1030. subcategory voip-video;
  1031. category collaboration;
  1032. technology client-server;
  1033. risk 1;
  1034. evasive-behavior yes;
  1035. consume-big-bandwidth yes;
  1036. }
  1037. rg {
  1038. default {
  1039. port tcp/134;
  1040. }
  1041. subcategory storage-backup;
  1042. category business-systems;
  1043. technology network-protocol;
  1044. risk 1;
  1045. data-ident yes;
  1046. }
  1047. }
  1048. application-group;
  1049. zone {
  1050. Internal {
  1051. network {
  1052. layer3 ethernet1/2;
  1053. zone-protection-profile Block_Evasions;
  1054. }
  1055. enable-user-identification yes;
  1056. }
  1057. External {
  1058. network {
  1059. layer3 ethernet1/1;
  1060. zone-protection-profile Block_Evasions;
  1061. }
  1062. }
  1063. Tap {
  1064. network {
  1065. tap ethernet1/3;
  1066. log-setting all;
  1067. }
  1068. enable-user-identification yes;
  1069. }
  1070. }
  1071. service {
  1072. dns {
  1073. protocol {
  1074. tcp {
  1075. port 53;
  1076. }
  1077. }
  1078. }
  1079. testsvc {
  1080. protocol {
  1081. tcp {
  1082. port 1211;
  1083. }
  1084. }
  1085. }
  1086. web8001 {
  1087. protocol {
  1088. tcp {
  1089. port 8001;
  1090. }
  1091. }
  1092. }
  1093. Webserver8001 {
  1094. protocol {
  1095. tcp {
  1096. port 8001;
  1097. }
  1098. }
  1099. }
  1100. }
  1101. service-group;
  1102. schedule {
  1103. Contractor {
  1104. schedule-type {
  1105. recurring {
  1106. weekly {
  1107. monday 08:00-05:00;
  1108. tuesday 08:00-05:00;
  1109. wednesday 08:00-05:00;
  1110. }
  1111. }
  1112. }
  1113. }
  1114. }
  1115. rulebase {
  1116. security {
  1117. rules {
  1118. block_unknown {
  1119. to any;
  1120. from any;
  1121. source any;
  1122. destination any;
  1123. source-user any;
  1124. category any;
  1125. application [ unknown-tcp unknown-udp];
  1126. service any;
  1127. hip-profiles any;
  1128. action deny;
  1129. }
  1130. evader {
  1131. to any;
  1132. from any;
  1133. source any;
  1134. destination any;
  1135. source-user any;
  1136. category any;
  1137. application any;
  1138. service application-default;
  1139. hip-profiles any;
  1140. action allow;
  1141. log-start yes;
  1142. disabled no;
  1143. profile-setting {
  1144. profiles {
  1145. url-filtering default;
  1146. data-filtering "Dangerous Data";
  1147. virus detect_all;
  1148. vulnerability strict;
  1149. wildfire-analysis default;
  1150. file-blocking block_PE_SMB;
  1151. spyware strict;
  1152. }
  1153. }
  1154. description ttt;
  1155. }
  1156. "Cleanup Rule" {
  1157. to any;
  1158. from any;
  1159. source any;
  1160. destination any;
  1161. source-user any;
  1162. category any;
  1163. application any;
  1164. service application-default;
  1165. hip-profiles any;
  1166. action deny;
  1167. log-start yes;
  1168. disabled yes;
  1169. }
  1170. Int-DMZ {
  1171. to External;
  1172. from Internal;
  1173. source any;
  1174. destination any;
  1175. source-user any;
  1176. category any;
  1177. application facebook;
  1178. service application-default;
  1179. hip-profiles any;
  1180. action allow;
  1181. }
  1182. }
  1183. }
  1184. nat {
  1185. rules {
  1186. "Hide NAT" {
  1187. source-translation {
  1188. dynamic-ip-and-port {
  1189. interface-address {
  1190. ip 10.62.90.3/24;
  1191. interface ethernet1/1;
  1192. }
  1193. }
  1194. }
  1195. to External;
  1196. from any;
  1197. source "Internal host 1";
  1198. destination any;
  1199. service any;
  1200. to-interface ethernet1/1;
  1201. }
  1202. "Static NAT" {
  1203. source-translation {
  1204. static-ip {
  1205. bi-directional yes;
  1206. translated-address "External Address";
  1207. }
  1208. }
  1209. to External;
  1210. from any;
  1211. source "Internal Host 2";
  1212. destination any;
  1213. service any;
  1214. to-interface ethernet1/1;
  1215. }
  1216. }
  1217. }
  1218. application-override {
  1219. rules {
  1220. }
  1221. }
  1222. decryption {
  1223. rules {
  1224. myssl_no_decrypt {
  1225. category streaming-media;
  1226. service any;
  1227. type {
  1228. ssl-forward-proxy;
  1229. }
  1230. from any;
  1231. to any;
  1232. source any;
  1233. destination any;
  1234. source-user any;
  1235. action no-decrypt;
  1236. disabled yes;
  1237. }
  1238. myssl_decrypt {
  1239. category any;
  1240. service any;
  1241. type {
  1242. ssl-forward-proxy;
  1243. }
  1244. from any;
  1245. to any;
  1246. source any;
  1247. destination any;
  1248. source-user any;
  1249. action decrypt;
  1250. disabled yes;
  1251. }
  1252. }
  1253. }
  1254. captive-portal {
  1255. rules {
  1256. captive1 {
  1257. from any;
  1258. to any;
  1259. source any;
  1260. destination any;
  1261. category any;
  1262. service default;
  1263. action web-form;
  1264. }
  1265. captive2 {
  1266. from any;
  1267. to any;
  1268. source any;
  1269. destination any;
  1270. category any;
  1271. service default;
  1272. action web-form;
  1273. }
  1274. }
  1275. }
  1276. }
  1277. global-protect {
  1278. global-protect-gateway {
  1279. GP-Gateway {
  1280. roles {
  1281. default {
  1282. login-lifetime {
  1283. days 30;
  1284. }
  1285. inactivity-logout {
  1286. hours 3;
  1287. }
  1288. disconnect-on-idle {
  1289. minutes 180;
  1290. }
  1291. }
  1292. }
  1293. remote-user-tunnel-configs {
  1294. default_user_config {
  1295. split-tunneling {
  1296. access-route 10.62.90.0/24;
  1297. }
  1298. source-user any;
  1299. os any;
  1300. ip-pool [ <OBSCURED>/8];
  1301. authentication-server-ip-pool;
  1302. retrieve-framed-ip-address no;
  1303. no-direct-access-to-local-network no;
  1304. }
  1305. }
  1306. ssl-tls-service-profile SSLProfile2;
  1307. authentication-profile Local;
  1308. tunnel-mode yes;
  1309. remote-user-tunnel tunnel.1;
  1310. }
  1311. }
  1312. global-protect-portal {
  1313. GP-portal {
  1314. portal-config {
  1315. local-address {
  1316. ip 10.35.1.3/24;
  1317. interface ethernet1/2;
  1318. }
  1319. authentication-profile Local;
  1320. certificate-profile cert_profile;
  1321. ssl-tls-service-profile SSLProfile2;
  1322. disable-browser-login-page no;
  1323. }
  1324. client-config {
  1325. client-certificate GlobalProtect;
  1326. agent-user-override-key <OBSCURED>;
  1327. configs {
  1328. agent_config1 {
  1329. hip-collection {
  1330. max-wait-time 20;
  1331. collect-hip-data yes;
  1332. }
  1333. gateways {
  1334. external {
  1335. list {
  1336. 10.35.1.3 {
  1337. manual no;
  1338. priority 1;
  1339. description external_physical;
  1340. }
  1341. }
  1342. }
  1343. cutoff-time 5;
  1344. }
  1345. authentication-modifier {
  1346. none;
  1347. }
  1348. source-user any;
  1349. os any;
  1350. agent-ui {
  1351. welcome-page {
  1352. display no;
  1353. }
  1354. show-agent-icon yes;
  1355. enable-do-not-display-this-welcome-page-again yes;
  1356. agent-user-override-timeout 0;
  1357. agent-user-override with-comment;
  1358. max-agent-user-overrides 0;
  1359. can-save-password yes;
  1360. can-change-portal yes;
  1361. enable-advanced-view yes;
  1362. }
  1363. agent-config {
  1364. rediscover-network yes;
  1365. resubmit-host-info yes;
  1366. user-switch-tunnel-rename-timeout 0;
  1367. can-continue-if-portal-cert-invalid yes;
  1368. client-upgrade prompt;
  1369. }
  1370. connect-method on-demand;
  1371. mdm-enrollment-port 443;
  1372. refresh-config-interval 24;
  1373. use-sso yes;
  1374. }
  1375. }
  1376. root-ca GlobalProtect;
  1377. }
  1378. }
  1379. }
  1380. }
  1381. import {
  1382. network {
  1383. interface [ ethernet1/1 ethernet1/2 ethernet1/3 ethernet1/4 ethern
  1384. et1/5];
  1385. }
  1386. }
  1387. address {
  1388. EXT_NAT {
  1389. ip-netmask 192.168.35.226;
  1390. }
  1391. web_server {
  1392. ip-netmask 1.1.1.1;
  1393. }
  1394. SQL_Server {
  1395. ip-netmask 2.2.2.2;
  1396. }
  1397. LAN {
  1398. ip-range 1.1.1.1-222.1.1.1;
  1399. }
  1400. host_A {
  1401. ip-netmask 3.3.3.3;
  1402. }
  1403. host_B {
  1404. ip-netmask 4.4.4.4;
  1405. }
  1406. test2 {
  1407. ip-netmask 1.1.1.2;
  1408. }
  1409. test3 {
  1410. ip-netmask 2.3.2.1;
  1411. }
  1412. test4 {
  1413. ip-netmask 5.4.6.7;
  1414. }
  1415. badger_host {
  1416. ip-netmask 10.35.1.202;
  1417. }
  1418. badger_host_2 {
  1419. ip-netmask 10.35.1.207;
  1420. }
  1421. Host_lll {
  1422. ip-netmask 10.35.1.202;
  1423. }
  1424. Kali {
  1425. ip-netmask 10.62.90.91;
  1426. }
  1427. Win7 {
  1428. ip-netmask 10.35.1.202;
  1429. }
  1430. "Internal host 1" {
  1431. ip-netmask 1.1.1.111;
  1432. }
  1433. "Internal Host 2" {
  1434. ip-netmask 2.2.2.222;
  1435. }
  1436. "External Address" {
  1437. ip-netmask 80.80.81.82;
  1438. }
  1439. }
  1440. profiles {
  1441. vulnerability {
  1442. conficker-only {
  1443. rules {
  1444. conficker {
  1445. vendor-id any;
  1446. cve cve-2008-4250;
  1447. severity any;
  1448. threat-name any;
  1449. host any;
  1450. category any;
  1451. packet-capture disable;
  1452. action {
  1453. default;
  1454. }
  1455. }
  1456. }
  1457. }
  1458. "My Profile" {
  1459. rules {
  1460. fcvfvvg {
  1461. vendor-id any;
  1462. cve any;
  1463. severity [ critical high medium];
  1464. action {
  1465. drop;
  1466. }
  1467. threat-name any;
  1468. host any;
  1469. category code-execution;
  1470. packet-capture disable;
  1471. }
  1472. "My Rule 1" {
  1473. vendor-id any;
  1474. cve any;
  1475. severity any;
  1476. action {
  1477. default;
  1478. }
  1479. threat-name any;
  1480. host any;
  1481. category any;
  1482. packet-capture disable;
  1483. }
  1484. }
  1485. threat-exception {
  1486. 36958 {
  1487. action {
  1488. default;
  1489. }
  1490. }
  1491. 36564 {
  1492. action {
  1493. default;
  1494. }
  1495. }
  1496. 34231 {
  1497. action {
  1498. default;
  1499. }
  1500. }
  1501. }
  1502. }
  1503. }
  1504. virus {
  1505. detect_all {
  1506. decoder {
  1507. smtp {
  1508. action default;
  1509. wildfire-action default;
  1510. }
  1511. smb {
  1512. action default;
  1513. wildfire-action default;
  1514. }
  1515. pop3 {
  1516. action default;
  1517. wildfire-action default;
  1518. }
  1519. imap {
  1520. action default;
  1521. wildfire-action default;
  1522. }
  1523. http {
  1524. action default;
  1525. wildfire-action default;
  1526. }
  1527. ftp {
  1528. action default;
  1529. wildfire-action default;
  1530. }
  1531. }
  1532. description "detect all";
  1533. packet-capture no;
  1534. }
  1535. "My AV Profile" {
  1536. decoder {
  1537. ftp {
  1538. action default;
  1539. wildfire-action default;
  1540. }
  1541. http {
  1542. action default;
  1543. wildfire-action default;
  1544. }
  1545. imap {
  1546. action default;
  1547. wildfire-action default;
  1548. }
  1549. pop3 {
  1550. action default;
  1551. wildfire-action default;
  1552. }
  1553. smb {
  1554. action default;
  1555. wildfire-action default;
  1556. }
  1557. smtp {
  1558. action default;
  1559. wildfire-action default;
  1560. }
  1561. }
  1562. }
  1563. }
  1564. data-filtering {
  1565. "Dangerous Data" {
  1566. description "detect dangerous data";
  1567. data-capture no;
  1568. rules {
  1569. rule0 {
  1570. application any;
  1571. file-type any;
  1572. direction both;
  1573. alert-threshold 0;
  1574. block-threshold 0;
  1575. data-object patter1;
  1576. }
  1577. }
  1578. }
  1579. "data filter" {
  1580. rules {
  1581. rule0 {
  1582. application any;
  1583. file-type any;
  1584. direction both;
  1585. alert-threshold 0;
  1586. block-threshold 0;
  1587. data-object pattern;
  1588. }
  1589. }
  1590. data-capture yes;
  1591. }
  1592. "Block pattern" {
  1593. rules {
  1594. rule0 {
  1595. application [ facebook-file-sharing gmail-enterprise linkedi
  1596. n-posting];
  1597. file-type [ doc docx gzip ppt pptx];
  1598. direction upload;
  1599. alert-threshold 0;
  1600. block-threshold 200;
  1601. data-object patter1;
  1602. }
  1603. }
  1604. }
  1605. }
  1606. data-objects {
  1607. patter1 {
  1608. pattern {
  1609. aaa {
  1610. regex aaaaaaaab*;
  1611. weight 1;
  1612. }
  1613. }
  1614. description "my patters";
  1615. }
  1616. pattern {
  1617. pattern {
  1618. pa {
  1619. regex abc*da111111;
  1620. weight 40;
  1621. }
  1622. }
  1623. }
  1624. }
  1625. file-blocking {
  1626. SEend_to_wildfire {
  1627. rules;
  1628. }
  1629. dddd {
  1630. rules;
  1631. }
  1632. block_PE_SMB {
  1633. rules {
  1634. block_pe {
  1635. application ms-ds-smb;
  1636. direction both;
  1637. file-type PE;
  1638. action block;
  1639. }
  1640. }
  1641. }
  1642. test {
  1643. rules {
  1644. test {
  1645. application any;
  1646. direction both;
  1647. file-type any;
  1648. action alert;
  1649. }
  1650. }
  1651. }
  1652. file_pro {
  1653. rules {
  1654. presentations {
  1655. application [ facebook-file-sharing gmail-drive];
  1656. file-type [ encrypted-ppt encrypted-pptx ppt pptx];
  1657. direction upload;
  1658. action alert;
  1659. }
  1660. }
  1661. }
  1662. }
  1663. wildfire-analysis {
  1664. SEend_to_wildfire-WildFire {
  1665. rules {
  1666. "exe doc and PDF emulation" {
  1667. application any;
  1668. direction both;
  1669. file-type [ pdf ms-office pe];
  1670. analysis public-cloud;
  1671. }
  1672. }
  1673. }
  1674. }
  1675. url-filtering {
  1676. 8iy77 {
  1677. action block;
  1678. enable-container-page yes;
  1679. log-container-page-only yes;
  1680. }
  1681. }
  1682. custom-url-category {
  1683. "<OBSCURED>" {
  1684. list <OBSCURED>;
  1685. }
  1686. }
  1687. }
  1688. profile-group {
  1689. nnnn {
  1690. virus detect_all;
  1691. vulnerability strict;
  1692. spyware strict;
  1693. file-blocking SEend_to_wildfire;
  1694. wildfire-analysis SEend_to_wildfire-WildFire;
  1695. }
  1696. "<OBSCURED>" {
  1697. virus default;
  1698. spyware default;
  1699. vulnerability default;
  1700. url-filtering default;
  1701. }
  1702. }
  1703. log-settings {
  1704. profiles {
  1705. all {
  1706. traffic {
  1707. any {
  1708. send-to-panorama yes;
  1709. }
  1710. }
  1711. alarm {
  1712. informational {
  1713. send-to-panorama yes;
  1714. }
  1715. low {
  1716. send-to-panorama yes;
  1717. }
  1718. medium {
  1719. send-to-panorama yes;
  1720. }
  1721. high {
  1722. send-to-panorama yes;
  1723. }
  1724. critical {
  1725. send-to-panorama yes;
  1726. }
  1727. }
  1728. }
  1729. }
  1730. }
  1731. external-list {
  1732. bbb {
  1733. recurring {
  1734. hourly {
  1735. at 00;
  1736. }
  1737. }
  1738. url http://1.1.1.1/1.txt;
  1739. type ip;
  1740. }
  1741. }
  1742. threats {
  1743. spyware {
  1744. 17009 {
  1745. signature {
  1746. standard {
  1747. mysig {
  1748. and-condition {
  1749. "And Condition 1" {
  1750. or-condition {
  1751. "Or Condition 1" {
  1752. operator {
  1753. pattern-match {
  1754. pattern jhkh34343+;
  1755. context dns-req-answer-section;
  1756. }
  1757. }
  1758. }
  1759. }
  1760. }
  1761. }
  1762. order-free no;
  1763. scope protocol-data-unit;
  1764. }
  1765. }
  1766. }
  1767. default-action {
  1768. alert;
  1769. }
  1770. threatname MyVirus;
  1771. severity critical;
  1772. direction client2server;
  1773. }
  1774. 15399 {
  1775. signature {
  1776. standard {
  1777. Sig2 {
  1778. and-condition {
  1779. "And Condition 1" {
  1780. or-condition {
  1781. "Or Condition 1" {
  1782. operator {
  1783. pattern-match {
  1784. pattern ewiroewiuroiu+;
  1785. context dns-req-section;
  1786. }
  1787. }
  1788. }
  1789. }
  1790. }
  1791. }
  1792. order-free no;
  1793. scope protocol-data-unit;
  1794. }
  1795. }
  1796. }
  1797. default-action {
  1798. alert;
  1799. }
  1800. threatname Virus2;
  1801. severity critical;
  1802. direction both;
  1803. }
  1804. }
  1805. }
  1806. ssl-tls-service-profile;
  1807. tag {
  1808. Test {
  1809. color color2;
  1810. }
  1811. "New Tag" {
  1812. color color15;
  1813. comments "disable android pls";
  1814. }
  1815. }
  1816. address-group {
  1817. g1 {
  1818. static [ host_A host_B];
  1819. }
  1820. }
  1821. }
  1822. }
  1823. }
  1824. }
  1825. }
  1826.  
  1827. admin@PA-VM>