|
|
@@ -1,323 +0,0 @@
|
|
|
-<?xml version="1.0"?>
|
|
|
-<config version="9.1.0" urldb="paloaltonetworks">
|
|
|
- <mgt-config>
|
|
|
- <users>
|
|
|
- <entry name="admin">
|
|
|
- <phash>$1$uqgidqyx$ycpOZ/xupErAt1rjIxvQc0</phash>
|
|
|
- <permissions>
|
|
|
- <role-based>
|
|
|
- <superuser>yes</superuser>
|
|
|
- </role-based>
|
|
|
- </permissions>
|
|
|
- <public-key>c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFCQVFERjNwR1U5K0h1ZmdmRWhQUDdQMEx0N2txZkdXTFRHZDZzZkpnU3lwY1NvM0ZQMVhod0ZPV2thTnZaSXBvSWVRWGh1eDV2VG0rUm9xWVovM0dqN2hjR01MZG9IV0FydkxIRDJBR2p4YkZuc21pQ2lvUWdzQy9yWUxCamlXTnNEZFZGNUFyb2ZieS9Sd3ppdk1BaTd5aXZoWTRuR3pYUHNIWm91Y0IwV2kzNC85QW14YnZYV3Y2Y2t1V2tNanJYVmUrdXdGamUzVTdqUUhSVzlqUVJwQ1JSZlVqVkE0Rm1IMFBXcVdGQmx0L3pxc0RQT3pieE5OaEF2eXJKaG83alZCTmpDTHNxMCsrbFQ4QkRLclliYVppVDBGMmM5dUlEUnBISlNkanBxVkNmOWJnaG1lSldZTW9OSEFrR1I3V0NGalBDSjdRTTU3YTJvUkJ0bTFBL0VXY3IgZmRhbXN0cmE=</public-key>
|
|
|
- </entry>
|
|
|
- </users>
|
|
|
- <password-complexity>
|
|
|
- <enabled>yes</enabled>
|
|
|
- <minimum-length>8</minimum-length>
|
|
|
- </password-complexity>
|
|
|
- </mgt-config>
|
|
|
- <shared>
|
|
|
- <application/>
|
|
|
- <application-group/>
|
|
|
- <service/>
|
|
|
- <service-group/>
|
|
|
- <botnet>
|
|
|
- <configuration>
|
|
|
- <http>
|
|
|
- <dynamic-dns>
|
|
|
- <enabled>yes</enabled>
|
|
|
- <threshold>5</threshold>
|
|
|
- </dynamic-dns>
|
|
|
- <malware-sites>
|
|
|
- <enabled>yes</enabled>
|
|
|
- <threshold>5</threshold>
|
|
|
- </malware-sites>
|
|
|
- <recent-domains>
|
|
|
- <enabled>yes</enabled>
|
|
|
- <threshold>5</threshold>
|
|
|
- </recent-domains>
|
|
|
- <ip-domains>
|
|
|
- <enabled>yes</enabled>
|
|
|
- <threshold>10</threshold>
|
|
|
- </ip-domains>
|
|
|
- <executables-from-unknown-sites>
|
|
|
- <enabled>yes</enabled>
|
|
|
- <threshold>5</threshold>
|
|
|
- </executables-from-unknown-sites>
|
|
|
- </http>
|
|
|
- <other-applications>
|
|
|
- <irc>yes</irc>
|
|
|
- </other-applications>
|
|
|
- <unknown-applications>
|
|
|
- <unknown-tcp>
|
|
|
- <destinations-per-hour>10</destinations-per-hour>
|
|
|
- <sessions-per-hour>10</sessions-per-hour>
|
|
|
- <session-length>
|
|
|
- <maximum-bytes>100</maximum-bytes>
|
|
|
- <minimum-bytes>50</minimum-bytes>
|
|
|
- </session-length>
|
|
|
- </unknown-tcp>
|
|
|
- <unknown-udp>
|
|
|
- <destinations-per-hour>10</destinations-per-hour>
|
|
|
- <sessions-per-hour>10</sessions-per-hour>
|
|
|
- <session-length>
|
|
|
- <maximum-bytes>100</maximum-bytes>
|
|
|
- <minimum-bytes>50</minimum-bytes>
|
|
|
- </session-length>
|
|
|
- </unknown-udp>
|
|
|
- </unknown-applications>
|
|
|
- </configuration>
|
|
|
- <report>
|
|
|
- <topn>100</topn>
|
|
|
- <scheduled>yes</scheduled>
|
|
|
- </report>
|
|
|
- </botnet>
|
|
|
- </shared>
|
|
|
- <devices>
|
|
|
- <entry name="localhost.localdomain">
|
|
|
- <network>
|
|
|
- <interface>
|
|
|
- <ethernet/>
|
|
|
- </interface>
|
|
|
- <profiles>
|
|
|
- <monitor-profile>
|
|
|
- <entry name="default">
|
|
|
- <interval>3</interval>
|
|
|
- <threshold>5</threshold>
|
|
|
- <action>wait-recover</action>
|
|
|
- </entry>
|
|
|
- </monitor-profile>
|
|
|
- </profiles>
|
|
|
- <ike>
|
|
|
- <crypto-profiles>
|
|
|
- <ike-crypto-profiles>
|
|
|
- <entry name="default">
|
|
|
- <encryption>
|
|
|
- <member>aes-128-cbc</member>
|
|
|
- <member>3des</member>
|
|
|
- </encryption>
|
|
|
- <hash>
|
|
|
- <member>sha1</member>
|
|
|
- </hash>
|
|
|
- <dh-group>
|
|
|
- <member>group2</member>
|
|
|
- </dh-group>
|
|
|
- <lifetime>
|
|
|
- <hours>8</hours>
|
|
|
- </lifetime>
|
|
|
- </entry>
|
|
|
- <entry name="Suite-B-GCM-128">
|
|
|
- <encryption>
|
|
|
- <member>aes-128-cbc</member>
|
|
|
- </encryption>
|
|
|
- <hash>
|
|
|
- <member>sha256</member>
|
|
|
- </hash>
|
|
|
- <dh-group>
|
|
|
- <member>group19</member>
|
|
|
- </dh-group>
|
|
|
- <lifetime>
|
|
|
- <hours>8</hours>
|
|
|
- </lifetime>
|
|
|
- </entry>
|
|
|
- <entry name="Suite-B-GCM-256">
|
|
|
- <encryption>
|
|
|
- <member>aes-256-cbc</member>
|
|
|
- </encryption>
|
|
|
- <hash>
|
|
|
- <member>sha384</member>
|
|
|
- </hash>
|
|
|
- <dh-group>
|
|
|
- <member>group20</member>
|
|
|
- </dh-group>
|
|
|
- <lifetime>
|
|
|
- <hours>8</hours>
|
|
|
- </lifetime>
|
|
|
- </entry>
|
|
|
- </ike-crypto-profiles>
|
|
|
- <ipsec-crypto-profiles>
|
|
|
- <entry name="default">
|
|
|
- <esp>
|
|
|
- <encryption>
|
|
|
- <member>aes-128-cbc</member>
|
|
|
- <member>3des</member>
|
|
|
- </encryption>
|
|
|
- <authentication>
|
|
|
- <member>sha1</member>
|
|
|
- </authentication>
|
|
|
- </esp>
|
|
|
- <dh-group>group2</dh-group>
|
|
|
- <lifetime>
|
|
|
- <hours>1</hours>
|
|
|
- </lifetime>
|
|
|
- </entry>
|
|
|
- <entry name="Suite-B-GCM-128">
|
|
|
- <esp>
|
|
|
- <encryption>
|
|
|
- <member>aes-128-gcm</member>
|
|
|
- </encryption>
|
|
|
- <authentication>
|
|
|
- <member>none</member>
|
|
|
- </authentication>
|
|
|
- </esp>
|
|
|
- <dh-group>group19</dh-group>
|
|
|
- <lifetime>
|
|
|
- <hours>1</hours>
|
|
|
- </lifetime>
|
|
|
- </entry>
|
|
|
- <entry name="Suite-B-GCM-256">
|
|
|
- <esp>
|
|
|
- <encryption>
|
|
|
- <member>aes-256-gcm</member>
|
|
|
- </encryption>
|
|
|
- <authentication>
|
|
|
- <member>none</member>
|
|
|
- </authentication>
|
|
|
- </esp>
|
|
|
- <dh-group>group20</dh-group>
|
|
|
- <lifetime>
|
|
|
- <hours>1</hours>
|
|
|
- </lifetime>
|
|
|
- </entry>
|
|
|
- </ipsec-crypto-profiles>
|
|
|
- <global-protect-app-crypto-profiles>
|
|
|
- <entry name="default">
|
|
|
- <encryption>
|
|
|
- <member>aes-128-cbc</member>
|
|
|
- </encryption>
|
|
|
- <authentication>
|
|
|
- <member>sha1</member>
|
|
|
- </authentication>
|
|
|
- </entry>
|
|
|
- </global-protect-app-crypto-profiles>
|
|
|
- </crypto-profiles>
|
|
|
- </ike>
|
|
|
- <qos>
|
|
|
- <profile>
|
|
|
- <entry name="default">
|
|
|
- <class-bandwidth-type>
|
|
|
- <mbps>
|
|
|
- <class>
|
|
|
- <entry name="class1">
|
|
|
- <priority>real-time</priority>
|
|
|
- </entry>
|
|
|
- <entry name="class2">
|
|
|
- <priority>high</priority>
|
|
|
- </entry>
|
|
|
- <entry name="class3">
|
|
|
- <priority>high</priority>
|
|
|
- </entry>
|
|
|
- <entry name="class4">
|
|
|
- <priority>medium</priority>
|
|
|
- </entry>
|
|
|
- <entry name="class5">
|
|
|
- <priority>medium</priority>
|
|
|
- </entry>
|
|
|
- <entry name="class6">
|
|
|
- <priority>low</priority>
|
|
|
- </entry>
|
|
|
- <entry name="class7">
|
|
|
- <priority>low</priority>
|
|
|
- </entry>
|
|
|
- <entry name="class8">
|
|
|
- <priority>low</priority>
|
|
|
- </entry>
|
|
|
- </class>
|
|
|
- </mbps>
|
|
|
- </class-bandwidth-type>
|
|
|
- </entry>
|
|
|
- </profile>
|
|
|
- </qos>
|
|
|
- <virtual-router>
|
|
|
- <entry name="default">
|
|
|
- <protocol>
|
|
|
- <bgp>
|
|
|
- <enable>no</enable>
|
|
|
- <dampening-profile>
|
|
|
- <entry name="default">
|
|
|
- <cutoff>1.25</cutoff>
|
|
|
- <reuse>0.5</reuse>
|
|
|
- <max-hold-time>900</max-hold-time>
|
|
|
- <decay-half-life-reachable>300</decay-half-life-reachable>
|
|
|
- <decay-half-life-unreachable>900</decay-half-life-unreachable>
|
|
|
- <enable>yes</enable>
|
|
|
- </entry>
|
|
|
- </dampening-profile>
|
|
|
- </bgp>
|
|
|
- </protocol>
|
|
|
- </entry>
|
|
|
- </virtual-router>
|
|
|
- </network>
|
|
|
- <deviceconfig>
|
|
|
- <system>
|
|
|
- <type>
|
|
|
- <dhcp-client>
|
|
|
- <send-hostname>yes</send-hostname>
|
|
|
- <send-client-id>yes</send-client-id>
|
|
|
- <accept-dhcp-hostname>yes</accept-dhcp-hostname>
|
|
|
- <accept-dhcp-domain>yes</accept-dhcp-domain>
|
|
|
- </dhcp-client>
|
|
|
- </type>
|
|
|
- <update-server>updates.paloaltonetworks.com</update-server>
|
|
|
- <update-schedule>
|
|
|
- <threats>
|
|
|
- <recurring>
|
|
|
- <weekly>
|
|
|
- <day-of-week>wednesday</day-of-week>
|
|
|
- <at>01:02</at>
|
|
|
- <action>download-only</action>
|
|
|
- </weekly>
|
|
|
- </recurring>
|
|
|
- </threats>
|
|
|
- </update-schedule>
|
|
|
- <timezone>US/Pacific</timezone>
|
|
|
- <service>
|
|
|
- <disable-telnet>yes</disable-telnet>
|
|
|
- <disable-http>yes</disable-http>
|
|
|
- </service>
|
|
|
- <hostname>xdr_palo_commercial_common_${index}</hostname>
|
|
|
- <dns-setting>
|
|
|
- <servers>
|
|
|
- <primary>169.254.169.253</primary>
|
|
|
- <secondary>8.8.8.8</secondary>
|
|
|
- </servers>
|
|
|
- </dns-setting>
|
|
|
- </system>
|
|
|
- <setting>
|
|
|
- <config>
|
|
|
- <rematch>yes</rematch>
|
|
|
- </config>
|
|
|
- <management>
|
|
|
- <hostname-type-in-syslog>FQDN</hostname-type-in-syslog>
|
|
|
- <initcfg>
|
|
|
- <public-key>c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFCQVFERjNwR1U5K0h1ZmdmRWhQUDdQMEx0N2txZkdXTFRHZDZzZkpnU3lwY1NvM0ZQMVhod0ZPV2thTnZaSXBvSWVRWGh1eDV2VG0rUm9xWVovM0dqN2hjR01MZG9IV0FydkxIRDJBR2p4YkZuc21pQ2lvUWdzQy9yWUxCamlXTnNEZFZGNUFyb2ZieS9Sd3ppdk1BaTd5aXZoWTRuR3pYUHNIWm91Y0IwV2kzNC85QW14YnZYV3Y2Y2t1V2tNanJYVmUrdXdGamUzVTdqUUhSVzlqUVJwQ1JSZlVqVkE0Rm1IMFBXcVdGQmx0L3pxc0RQT3pieE5OaEF2eXJKaG83alZCTmpDTHNxMCsrbFQ4QkRLclliYVppVDBGMmM5dUlEUnBISlNkanBxVkNmOWJnaG1lSldZTW9OSEFrR1I3V0NGalBDSjdRTTU3YTJvUkJ0bTFBL0VXY3IgZmRhbXN0cmE=</public-key>
|
|
|
- <type>
|
|
|
- <dhcp-client>
|
|
|
- <send-hostname>yes</send-hostname>
|
|
|
- <send-client-id>yes</send-client-id>
|
|
|
- <accept-dhcp-hostname>yes</accept-dhcp-hostname>
|
|
|
- <accept-dhcp-domain>yes</accept-dhcp-domain>
|
|
|
- </dhcp-client>
|
|
|
- </type>
|
|
|
- <hostname>xdr_palo_commercial_common_${index}</hostname>
|
|
|
- <tplname>Inbound-Stack-${index}</tplname>
|
|
|
- <dgname>XDR-Interconnects</dgname>
|
|
|
- </initcfg>
|
|
|
- </management>
|
|
|
- </setting>
|
|
|
- </deviceconfig>
|
|
|
- <vsys>
|
|
|
- <entry name="vsys1">
|
|
|
- <application/>
|
|
|
- <application-group/>
|
|
|
- <zone/>
|
|
|
- <service/>
|
|
|
- <service-group/>
|
|
|
- <schedule/>
|
|
|
- <rulebase/>
|
|
|
- </entry>
|
|
|
- </vsys>
|
|
|
- </entry>
|
|
|
- </devices>
|
|
|
-</config>
|
Fred Damstra