In my previous blog posts (linked below), we looked at how to allow or block specific websites using URL filtering. In this post, we'll look into how to use URL filtering with SSL decryption for more granular control.
Previously, we saw how to block sites like facebook.com or cnn.com, or allow specific websites blocked by a URL Filtering profile. However, these methods fall short when more granular access is required. Most website traffic today is encrypted with HTTPS, meaning the firewall cannot inspect what's happening within those sessions.
Without SSL decryption, the Palo Alto firewall (or any NGFW) relies on the SNI or CN of the certificate Continue reading
When working with Next-Generation Firewalls (NGFWs), you may come across situations where you need to block specific websites. In this blog post, we'll explore how to block specific sites using a Palo Alto firewall. There are two ways to achieve this, and we'll cover both options.
This blog post assumes you have some familiarity with URL filtering. In a typical setup, you create a URL Filtering profile, configure the categories to allow or block, and attach this profile to your security policies.
Depending on your security requirements, you might block entire categories such as gambling, terrorism, or proxy sites. However, there are times when you only need to block specific sites rather than an entire category.
In this blog post, we'll use cnn.com and samsung.com as examples (no hard feelings toward them, these were just the first sites that came to mind, haha 🙂).
After three and a half years of haggling (the IETF draft that became the RFC was written in May 2021; the original discussions go back to 2013), Nick Buraglio & co managed to persuade pontificators bikeshedding in the v6ops working group that we might need an IPv6 documentation prefix larger than the existing 2001:db8::/32
.
With the new documentation prefix (3fff::/20
) (defined in RFC 9637), there’s absolutely no excuse to use public IPv6 address space in examples anymore.
Transaction processing against relational databases may not be the focus of the datacenter, as it was when IBM created the first relational database and Oracle was founded to compete against it in the late 1970s. …
Oracle Revs Up Exadata Database Machines To X11M was written by Timothy Prickett Morgan at The Next Platform.
IT companies have spent billions of dollars creating ways to move data more efficiently and cheaply in an increasingly distributed world of on-premises datacenters, multiple clouds, and the edge. …
A Novel Way To Compact Data For More Efficient Storage And Transmission was written by Jeffrey Burt at The Next Platform.
One of the big questions about IPv6 is: “Should you use /64’s for subnets?” Tom Coffeen joins Eyvonne Sharp, Rick Graziani, and Russ as we discuss the various questions surrounding IPv6 addressing, planning, waste, and … should you /64?
Welcome to Technology Short Take #185, the first of 2025! I’m excited for the opportunity to continue to bring readers articles and links of interest across data center- and cloud-related technologies (along with some original content along the way). I had originally intended for this post to be my last post of 2024, but personal challenges got in the way. Enough of that, though—on to the content!
If you use URL filtering on your Palo Alto firewalls, you may come across situations where a specific URL category is set to block, but you need to allow certain sites. For example, you might block the 'social networking' category but still want to allow access to Facebook. Similarly, you may block 'newly registered domains,' but need immediate access to a site categorized as such. While you can request Palo Alto to re-categorize the site, sometimes you need a quicker solution.
In this blog post, we'll look at how to allow access to specific URLs that match a blocked URL category. There are two ways to achieve this, and I’ll cover both.
This blog post assumes you have some familiarity with URL filtering. In a typical setup, you create a URL Filtering profile, configure the categories to allow or block, and attach this profile to your security policies. For instance, if you block the 'proxy-avoidance' category and try to access a site like expressvpn.com, the traffic will be blocked.
To demonstrate this, I'll set the 'proxy-avoidance' category to block. This means that if I try to access expressvpn.com, it will be blocked. Continue reading
XtendISE is a user-friendly web application integrated with Cisco ISE and designed to simplify daily tasks and common challenges related to 802.1X without requiring extensive training on Cisco ISE. XtendISE helps manage MAC addresses, troubleshoot 802.1X authentication issues, and simplify the management of switch 802.1X configurations. It also validates configurations to ensure they are set up correctly and as intended.
We covered the basics of XtendISE in a previous article linked below. In this blog post, we will explore in detail three key features that XtendISE offers.
Typically, when a device doesn’t support 802.1X, we collect its MAC address and add it to a specific group in Continue reading
netlab release 1.9.3 brings these new features:
Other new features include:
COMMISSIONED: Retrieval-augmented generation (RAG) has become the gold standard for helping businesses refine their large language model (LLM) results with corporate data. …
Scaling Retrieval Augmented Generation With RAGOps And Agents was written by Timothy Prickett Morgan at The Next Platform.
A friend of mine recently wrote a nice post explaining how netlab helped him set up a large network topology in a reasonably short timeframe. As expected, his post attracted a wide variety of comments, from “netlab is a gamechanger” (thank you 😎) to “I prefer traditional labs.” Instead of writing a bunch of replies into a walled-garden ecosystem, I decided to address some of those concerns in a public place.
Let’s start with:
At Cloudflare, we treat developer content like a product, where we take the user and their feedback into consideration. We are constantly iterating, testing, analyzing, and refining content. Inspired by agile practices, treating developer content like an open source product means we approach our documentation the same way an open source software project is created and maintained. Open source documentation empowers the developer community because it allows anyone, anywhere, to contribute content. By making both the content and the framework of the documentation site publicly accessible, we provide developers with the opportunity to not only improve the material itself but also understand and engage with the processes that govern how the documentation is built, approved, and maintained. This transparency fosters collaboration, learning, and innovation, enabling developers to contribute their expertise and learn from others in a shared, open environment. We also provide feedback to other open source products and plugins, giving back to the same community that supports us.
Great documentation empowers users to be successful with a new product as quickly as possible, showing them how to use the product and describing its benefits. Relevant, timely, and accurate content can save Continue reading