Vulnerability/Spyware Protection Profile Rules Order

Created On 09/25/18 17:36 PM - Last Modified 05/31/23 20:48 PM


Resolution


Overview

This document explains how multiple rules for vulnerability and spyware profiles are processed for the same severity.

Details

If one vulnerability profile has multiple rules for the same severity, traffic is evaluated against them top down, much like security policies.

Examples

The following vulnerability profile has 3 rules:

If the Palo Alto Networks firewall detects traffic with a MEDIUM severity vulnerability, rule 2 will take effect and an ALERT action will be applied.

 

The following spyware profile has 3 rules:

If the firewall detects traffic with a HIGH severity spyware, rule 1 will take effect and an action of ALERT will be applied.
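The top-down evaluation described above, modelled in Python as an added example (not Palo Alto Networks code). It assumes rules match on severity only; the rule names, severities and actions in `PROFILE` are constructed for illustration. It also reports rules that can never take effect because earlier rules already match every severity they list.

```python
# Simplified model of top-down rule evaluation inside one protection profile.
# Assumption: a rule matches on severity only. PROFILE is constructed sample data.
from typing import NamedTuple, Optional


class Rule(NamedTuple):
    name: str
    severities: frozenset  # severities this rule applies to
    action: str


def first_match(rules, severity) -> Optional[Rule]:
    """Walk the rules top down and return the first one that lists `severity`."""
    for rule in rules:
        if severity in rule.severities:
            return rule
    return None  # no rule in the profile lists this severity


def shadowed_rules(rules):
    """Return (rule name, names of covering rules) for every rule that can never
    take effect because earlier rules already match all of its severities."""
    first_owner = {}  # severity -> name of the first rule that matches it
    shadowed = []
    for rule in rules:
        if rule.severities and all(s in first_owner for s in rule.severities):
            covering = sorted({first_owner[s] for s in rule.severities})
            shadowed.append((rule.name, covering))
        for s in rule.severities:
            first_owner.setdefault(s, rule.name)
    return shadowed


# Constructed profile: rule2 and rule3 both list "medium", so rule3 never applies.
PROFILE = [
    Rule("rule1", frozenset({"critical", "high"}), "reset-both"),
    Rule("rule2", frozenset({"medium"}), "alert"),
    Rule("rule3", frozenset({"medium"}), "drop"),
]

if __name__ == "__main__":
    hit = first_match(PROFILE, "medium")
    print(f"medium -> {hit.name} ({hit.action})")
    for name, covering in shadowed_rules(PROFILE):
        print(f"{name} is shadowed by {', '.join(covering)}")
```

Running the same check over an exported profile before committing a change shows whether a newly added blocking rule sits below an alert rule for the same severity.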

 

For file blocking rule order precedence, refer to this document: File Blocking Rulebase and Action Precedence

 

owner: kadak


