
NRPE requests getting blocked by Palo Alto TRAPS security pr

Posted: Thu Mar 21, 2019 9:12 am
by joshudan
Hi!

We recently implemented a new product, Palo Alto Network's TRAPS security system. This system is now blocking almost all of our NRPE traffic because it sees it as a reverse-shell exploit.

Is this a known issue? Any workarounds or config changes we should make to get this working? We are trying to get them to add exceptions but the security team says that there isn't a way to whitelist this traffic without making exceptions for each of our thousand monitors (not sure how sincere that statement is, but it is all I have to work with)

Any help is greatly appreciated!

-- josh

Re: NRPE requests getting blocked by Palo Alto TRAPS securit

Posted: Fri Mar 22, 2019 1:09 pm
by cdienger
This would be the first time I've heard about this. Is it triggering based on the actual communication or simply on port? If it's the actual traffic that it is triggering on, then one option that could work would be to encrypt the traffic: https://support.nagios.com/kb/article/n ... y-519.html and with nsclient I believe you just need to edit nsclient.ini to contain:

Code:

[/settings/NRPE/server]
ssl options = no-sslv2,no-sslv3
use_ssl = 1
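To confirm whether the NRPE traffic on the wire is actually encrypted after a change like the one above, the first payload of a captured connection can be classified offline. This is an added example, not part of the original thread or any Nagios tooling; it assumes the legacy NRPE v2 packet layout (1036 bytes, CRC32 over the packet with the CRC field zeroed), and the function names and sample bytes are constructed for illustration.

```python
import struct
import zlib

# Assumed legacy NRPE v2 layout: int16 version, int16 type, uint32 crc32,
# int16 result code, 1024-byte buffer, 2 bytes of padding (1036 bytes total).
NRPE_V2_FORMAT = "!hhIh1024s2s"
NRPE_V2_LEN = struct.calcsize(NRPE_V2_FORMAT)

# Constructed sample: first bytes of a TLS handshake record (ClientHello).
SAMPLE_TLS_CLIENT_HELLO = bytes.fromhex("16030100c8010000c40303")


def build_nrpe_v2_query(command: str) -> bytes:
    """Build a plaintext NRPE v2 query packet, used here only as test input."""
    buf = command.encode("ascii").ljust(1024, b"\0")
    unsigned = struct.pack(NRPE_V2_FORMAT, 2, 1, 0, 0, buf, b"\0\0")
    crc = zlib.crc32(unsigned) & 0xFFFFFFFF
    return struct.pack(NRPE_V2_FORMAT, 2, 1, crc, 0, buf, b"\0\0")


def classify_first_payload(payload: bytes) -> str:
    """Return 'tls', 'plaintext-nrpe' or 'unknown' for a connection's first payload."""
    # TLS record header: content type 0x16 (handshake), major version 0x03.
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:
        return "tls"
    if len(payload) == NRPE_V2_LEN:
        version, ptype, crc, _result = struct.unpack("!hhIh", payload[:10])
        # Recompute the CRC with the CRC field zeroed, as the protocol does.
        zeroed = payload[:4] + b"\0\0\0\0" + payload[8:]
        if (version == 2 and ptype in (1, 2)
                and zlib.crc32(zeroed) & 0xFFFFFFFF == crc):
            return "plaintext-nrpe"
    return "unknown"


if __name__ == "__main__":
    for name, data in [("query", build_nrpe_v2_query("check_load")),
                       ("hello", SAMPLE_TLS_CLIENT_HELLO)]:
        print(name, classify_first_payload(data))
```

A result of plaintext-nrpe on a monitored host means the SSL setting did not take effect on that agent.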