Kevin Beaumont on Nostr: A reminder about this thread for those returning from holiday - if you're using Palo ...
A reminder about this thread for those returning from holiday
- if you're using Palo Alto firewalls and have DNS Security enabled on anti-spyware policies (you probably do) upgrade to the latest available release (you're running a supported release, right?) as a single DNS packet traversing the data plane (i.e. none management) causes the firewall to fail and fail to boot.
- if you're using Fortigate firewalls, upgrade to latest release (if on 6.4.15 or below, update to latest 7.x).
- if you're using Palo Alto firewalls and have DNS Security enabled on anti-spyware policies (you probably do) upgrade to the latest available release (you're running a supported release, right?) as a single DNS packet traversing the data plane (i.e. none management) causes the firewall to fail and fail to boot.
- if you're using Fortigate firewalls, upgrade to latest release (if on 6.4.15 or below, update to latest 7.x).