Palo Alto Networks Knowledgebase: Change in security policy actions from PAN-OS 7.0 & higher

Change in security policy actions from PAN-OS 7.0 & higher

2773
Created On 02/08/19 00:04 AM - Last Updated 02/08/19 00:04 AM
Reporting and Logging
Resolution

This article discusses the change in behaviour from PAN-OS 7.0 and higher where the 'deny' action in the security policy results in the application-specific 'deny' action.

 

From PAN-OS 7.0 branch onwards, the 'deny' policy action is noted as per the default deny action for the application.
For example, the default deny action for application 'SSL' is 'drop-reset' and listed in the traffic logs as 'reset-both'.

 

For checking the default 'deny' action of an application, please refer to Applipedia or Objects > Application on the firewall GUI.

 

Below is an example showing the action 'Deny' for application 'SSL'  

 

Snip20170705_75.png

 

 

 

 Note the 'Deny Action' for application SSL is 'drop-reset'

 

Snip20170704_68.png

 

 

The action listed for a security policy with action 'deny' in the previous PANOS version 6.1 can be seen as 'deny' itself 

 

 Snip20170704_70.png

 

 

NOTE : The above change in behaviour for action 'deny' may result in the logs and reports capturing results with action as 'reset-both' and this is expected behaviour.

 

For more details on the change in security policy actions and options, please refer to:

 

Granular Actions for Blocking Traffic in Security Policy 

Configurable Deny Action

 

Applicable actions with all available options:

 

1. Action 'Deny'

 

Snip20170705_75.png

 

 

2. Action 'Allow'

 

Snip20170705_73.png

 

 

3. Action 'Drop'

 

Snip20170705_76.png

 

 

 

4. Action 'Reset-client'

 

Snip20170705_78.png

 

 

5. Action 'Reset-server'

 

Snip20170705_79.png

 

 

5. Action 'Reset both client and server'

 

Snip20170705_80.png

 



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CljyCAC&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language