How to Create an Exception for a Particular Vulnerability Signature to Allow Certain IP Addresses and Drop/Block Others

Created On 03/07/23 20:31 PM - Last Modified 07/22/25 15:32 PM


Objective


To assist with creating an exception for a particular vulnerability signature or threat ID that allows certain IP addresses and drops/blocks others.

Environment


  • Palo Alto Firewall
  • PAN-OS
  • Vulnerability signature


Procedure


1. Browse to OBJECTS > Security Profiles > Vulnerability Protection in the firewall or Panorama GUI.
  • Create a new profile or edit an existing profile (not the default profiles; those cannot be modified).

2. Create a new rule and an exception for the threat ID, such as 40015 in this case.

  • You may want to find the threat name in Threat Vault and use that name for creating the rule and the exception. Alternatively, you can find the threat name under the vulnerability profile > Exceptions: check the option "Show all signatures" and search for the signature ID, such as 40015.




  • Click OK and move the rule above the existing generic rules.
  • Edit the same rule, click Exceptions, check the option "Show all signatures" and search for the threat ID, for example 40015, as above. Then click the column "IP Address Exceptions" and add the IP address.

Finally, make sure that the vulnerability profile is used in a security rule so that it takes effect.

This configuration should allow traffic from IP address 192.168.1.10 for vulnerability signature 40015 and block it for others.
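A check for the outcome of the steps above, as an added example that is not part of the original article: it parses an exported configuration and reports allow exceptions that have no exempt IP address and vulnerability profiles that no security rule references. The XML layout, the profile and rule names, and threat ID 99999 are constructed assumptions; profiles attached through a security profile group are not resolved.

```python
import xml.etree.ElementTree as ET

# Constructed sample. The element layout is an assumption about an exported
# PAN-OS configuration; profile/rule names and threat ID 99999 are made up.
SAMPLE = """<vsys><entry name="vsys1">
 <profiles><vulnerability>
  <entry name="VP-Exception"><threat-exception>
    <entry name="40015"><action><allow/></action>
      <exempt-ip><entry name="192.168.1.10"/></exempt-ip></entry>
    <entry name="99999"><action><allow/></action></entry>
  </threat-exception></entry>
  <entry name="VP-Unused"><threat-exception>
    <entry name="40015"><action><allow/></action>
      <exempt-ip><entry name="192.168.1.10"/></exempt-ip></entry>
  </threat-exception></entry>
 </vulnerability></profiles>
 <rulebase><security><rules>
  <entry name="inbound-app"><profile-setting><profiles>
    <vulnerability><member>VP-Exception</member></vulnerability>
  </profiles></profile-setting></entry>
 </rules></security></rulebase>
</entry></vsys>"""

def audit(xml_text):
    """Return (profile, threat_id, problem) tuples for the two checks."""
    root = ET.fromstring(xml_text)
    # Profiles referenced directly by a security rule (groups are not resolved).
    attached = {m.text for m in root.iterfind(
        ".//rules/entry/profile-setting/profiles/vulnerability/member")}
    findings = []
    for prof in root.iterfind(".//profiles/vulnerability/entry"):
        name = prof.get("name")
        if name not in attached:
            findings.append((name, None, "not referenced by any security rule"))
        for exc in prof.iterfind("threat-exception/entry"):
            action = exc.find("action")
            allows = action is not None and action.find("allow") is not None
            ips = [e.get("name") for e in exc.iterfind("exempt-ip/entry")]
            if allows and not ips:
                # No exempt IP: the allow applies to every address.
                findings.append((name, exc.get("name"), "allow without exempt IP"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```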

 

 



Additional Information


Related KB articles:
How to Check or Edit the Default Action of a Threat Signature
How to Add Exempt IP Addresses from the Threat Monitor Logs

 


