Palo Alto Networks Knowledgebase: Change in security policy actions from PAN-OS 7.0 & higher
Change in security policy actions from PAN-OS 7.0 & higher
Created On 02/08/19 00:04 AM - Last Updated 02/08/19 00:04 AM
Reporting and Logging
This article discusses the change in behaviour from PAN-OS 7.0 and higher where the 'deny' action in the security policy results in the application-specific 'deny' action.
From PAN-OS 7.0 branch onwards, the 'deny' policy action is noted as per the default deny action for the application. For example, the default deny action for application 'SSL' is 'drop-reset' and listed in the traffic logs as 'reset-both'.
For checking the default 'deny' action of an application, please refer to Applipedia or Objects > Application on the firewall GUI.
Below is an example showing the action 'Deny' for application 'SSL'
Note the 'Deny Action' for application SSL is 'drop-reset'
The action listed for a security policy with action 'deny' in the previous PANOS version 6.1 can be seen as 'deny' itself
NOTE : The above change in behaviour for action 'deny' may result in the logs and reports capturing results with action as 'reset-both' and this is expected behaviour.
For more details on the change in security policy actions and options, please refer to: