How to remove a DNS Signature exception
436
Created On 07/08/25 12:49 PM - Last Modified 08/15/25 03:04 AM
Question
How do you remove a DNS signature exception? I do not see a way to do so from the firewall GUI:
Environment
- Palo Alto Firewalls
- Supported PAN-OS
- DNS Signature exception
Answer
At the time of this article, the only way to remove a DNS signature exception is through the firewall CLI:
- login to the firewall CLI
- Enter configure mode with the configure command
> configure
- Use the following command to delete the exception:
# delete profiles spyware <profile_name> botnet-domains threat-exception <Threat_ID>
- Replace <profile_name> with the name of the profile that has the exception and <Threat_ID> with the ID you are removing.
- commit your changes with the commit command and exit.
# commit
# exit
- On firewall GUI, you can confirm the exception has now been removed: