How to Disable Signatures for a Specific Host

How to Disable Signatures for a Specific Host

33084
Created On 09/25/18 18:02 PM - Last Modified 06/08/23 02:53 AM


Resolution


Overview

This document describes the steps to disable signatures for traffic for a specific host(s).

Steps:

  1. Navigate to Objects > Security Profiles > Vulnerability Protection.
  2. Create a new Profile or edit an existing one.
  3. Under Exception check the "Show all signatures" and than filter the needed signature (for example 30042).
    Screen Shot 2014-07-16 at 9.24.03 PM.png
  4. The default action for this signature is "reset-both". However, for the IP address 10.10.10.10, an exception is created and will not reset the connection when there is a match to the signature, but will allow the traffic. This is done by clicking on the IP Address Exemption Field, adding the IP address in the form, and changing the action to allow. If the exception is needed for multiple IP addresses, add them also in the form. Notice that the count in the IP column will increase.
    Screen Shot 2014-07-16 at 8.24.08 PM.png
    Don't forget to check the Enable column, so that the exception is enabled for that Vulnerability Profile.
    Screen Shot 2014-07-23 at 9.29.13 PM.png
  5. After the change, verify that the change took effect. Under the Profile itself, there should be an increase count in the exception part.
    Screen Shot 2014-07-16 at 8.32.46 PM.png
  6. If this is a new Vulnerability Profile, add it to the applicable security rule.
    Screen Shot 2014-07-16 at 8.42.10 PM.png

Note: Vulnerability profile was used in the example above, but the same steps can also be applied to spyware profiles.

owner: ialeksov



Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClN3CAK&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language