File Blocking Rulebase and Action Precedence

File Blocking Rulebase and Action Precedence

32798
Created On 09/25/18 17:36 PM - Last Modified 01/02/20 23:05 PM


Resolution

Issue

In some instances, File Blocking profile rules are not following a top-down order of operations when applying actions.

 

Cause

Overlapping File Blocking Profile rules exist with different actions.  The File Blocking Profile rulebase does not follow a normal "top-down" approach when applying rule actions. When a file is seen in a traffic flow matching a Security policy with a File Blocking Profile applied, it will be checked against the configured File Blocking policy.  When there is a single match, action is taken accordingly. In the case of multiple matches, the highest precedence action will be used.  The options to move rules up/down the list are used purely for organization and cosmetic reason.

 

Action Precedence

There are three actions that can be applied to File Blocking Profile rules. The order of precedence among the actions in PAN-OS 8.1 and above is as follows:

  1. Block
  2. Continue
  3. Alert


Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGeCAK&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language