Security Rule Actions

Where Can I Use This?
  • NGFW (Cloud Managed)
  • NGFW (PAN-OS & Panorama Managed)
  • Prisma Access (Cloud Managed)
  • Prisma Access (Panorama Managed)
What Do I Need?
Check for any license or role requirements for the products you're using:
  • Prisma Access license or AIOps for NGFW license
For traffic that matches the attributes defined in a security policy, you can apply the following actions:
  • Allow (default): Allows the traffic.
  • Deny: Blocks traffic and enforces the default Deny Action defined for the application that is being denied.
  • Drop: Silently drops the traffic; for an application, it overrides the default deny action. A TCP reset isn't sent to the host/application.
    For Layer 3 interfaces, to optionally send an ICMP unreachable response to the client, set Action: Drop and enable the Send ICMP Unreachable check box. When enabled, the ICMP code for "communication with the destination is administratively prohibited" is sent (ICMPv4: Type 3, Code 13; ICMPv6: Type 1, Code 1).
  • Reset client: Sends a TCP reset to the client-side device.
  • Reset server: Sends a TCP reset to the server-side device.
  • Reset both: Sends a TCP reset to both the client-side and server-side devices.
A reset is sent only after a session is formed. If the session is blocked before a 3-way handshake is completed, the reset won't be sent.
For a TCP session with a reset action, an ICMP Unreachable response isn't sent.
For a UDP session with a drop or reset action, if the ICMP Unreachable check box is selected, an ICMP message to the client is sent.
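
The response rules above can be checked against a packet capture when validating a rule. The following is an added example, not Palo Alto Networks code: it models what the client side should receive for each action and tests whether a captured ICMP message carries the "administratively prohibited" type and code. The action labels, function names and return strings are illustrative assumptions, `icmp_unreachable=True` assumes the check box is enabled on a Layer 3 interface, and the sample ICMP message is constructed.

```python
import struct

# "Administratively prohibited" codes listed above: IP version -> (type, code).
ADMIN_PROHIBITED = {4: (3, 13), 6: (1, 1)}
RESETS = ("reset-client", "reset-server", "reset-both")  # illustrative labels

def expected_client_signal(action, proto, handshake_done=True, icmp_unreachable=False):
    """What the firewall sends toward the client for traffic matching the rule."""
    action, proto = action.lower(), proto.lower()
    if action == "allow":
        return "forwarded"
    if action == "deny":
        return "app-default-deny"  # set by the application's default Deny Action
    if action == "drop":
        return "icmp-unreachable" if icmp_unreachable else "none"
    if action in RESETS and proto == "tcp":
        # TCP reset actions never trigger ICMP; the RST needs a formed session.
        to_client = action != "reset-server"
        return "tcp-rst" if to_client and handshake_done else "none"
    if action in RESETS and proto == "udp":
        return "icmp-unreachable" if icmp_unreachable else "none"
    raise ValueError(f"unsupported action/protocol: {action}/{proto}")

def inet_checksum(data):
    """RFC 1071 ones'-complement checksum; 0 over a valid ICMPv4 message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmpv4(icmp_type, code, payload=b"\x00" * 28):
    """Constructed sample data: an ICMPv4 error with a valid checksum."""
    msg = struct.pack("!BBHI", icmp_type, code, 0, 0) + payload
    return msg[:2] + struct.pack("!H", inet_checksum(msg)) + msg[4:]

def is_admin_prohibited(icmp_msg, ip_version=4):
    """True if a captured ICMP message carries the type/code listed above."""
    if len(icmp_msg) < 8:
        return False
    if ip_version == 4 and inet_checksum(icmp_msg) != 0:
        return False  # damaged ICMPv4 message (ICMPv6 checksum needs the IPv6 header)
    return tuple(icmp_msg[:2]) == ADMIN_PROHIBITED[ip_version]

if __name__ == "__main__":
    print(expected_client_signal("drop", "tcp", icmp_unreachable=True))
    print(is_admin_prohibited(build_icmpv4(3, 13)))
```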
