How to narrow the scope of a Threat Exception using cloned Security Policy rules and Security Profiles

Created On 04/30/21 13:56 PM - Last Modified 09/19/23 11:17 AM


Objective


 To provide a more granular approach to applying threat exceptions by narrowing the scope of the applied exception.

Environment


  • Palo Alto Firewall
  • PAN-OS


Procedure


  1. Identify the existing Security Policy rule and the associated Security Profile to which you want to apply the threat exception.
  2. Clone the existing Security Policy rule. Rename the cloned Security Policy rule and place it directly above the existing policy rule.
  3. Narrow the scope of the cloned Security Policy rule to the desired traffic.
  4. Clone and rename the associated Security Profile.
  5. Create the desired Threat Exceptions in the cloned Security Profile.
  6. Associate the cloned Security Profile with the cloned Security Policy rule.
  7. Commit your changes.


After these steps, traffic within the narrowed scope hits the new cloned policy rule and its new Security Profile with the exception, while all other traffic outside that scope still hits the existing rule without the exception.
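The following added example (not part of the original article and not PAN-OS code) is a simplified Python model of top-down, first-match rule evaluation. It shows why the cloned rule must sit above the original and be narrower than it. The rule names, profile names, addresses and threat ID 99999 are constructed, and matching on source and destination address only is an assumption of the model.

```python
import ipaddress
from dataclasses import dataclass

def _nets(cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]

@dataclass
class Rule:
    name: str
    sources: list        # source CIDRs
    destinations: list   # destination CIDRs
    profile: str         # name of the attached Security Profile

    def matches(self, src, dst):
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        return (any(s in n for n in _nets(self.sources))
                and any(d in n for n in _nets(self.destinations)))

# Constructed sample data: profile name -> {threat ID: exception action}.
PROFILES = {"strict-vuln": {}, "strict-vuln-exception": {99999: "allow"}}
ORIGINAL = Rule("Outbound-Web", ["10.0.0.0/8"], ["0.0.0.0/0"], "strict-vuln")
CLONE = Rule("Outbound-Web-Exception", ["10.1.20.15/32"], ["203.0.113.10/32"],
             "strict-vuln-exception")

def evaluate(rulebase, src, dst, threat_id, default_action="block"):
    """Top-down, first match wins; return (rule name, action for the threat)."""
    for rule in rulebase:
        if rule.matches(src, dst):
            return rule.name, PROFILES[rule.profile].get(threat_id, default_action)
    return None, "no-match"

def is_narrower(clone, original):
    """True if every network in the clone lies inside a network of the original."""
    def inside(sub, sup):
        return all(any(a.subnet_of(b) for b in _nets(sup)) for a in _nets(sub))
    return (inside(clone.sources, original.sources)
            and inside(clone.destinations, original.destinations))

if __name__ == "__main__":
    # Compare the correct order (clone first) with the shadowed order.
    for rulebase in ([CLONE, ORIGINAL], [ORIGINAL, CLONE]):
        print([r.name for r in rulebase])
        for src in ("10.1.20.15", "10.1.20.16"):
            print("  ", src, evaluate(rulebase, src, "203.0.113.10", 99999))
```

With the clone placed below the original, the broader rule matches first and the exception never takes effect.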



Additional Information


For more details, please see these additional articles on creating threat exceptions: 

How to Use Anti-Spyware, Vulnerability and Antivirus Exceptions to Block or Allow Threats

Create Threat Exceptions

 


