Security Rule Actions
Updated on Sep 8, 2023
Where Can I Use This?
- NGFW (Cloud Managed)
- NGFW (PAN-OS & Panorama Managed)
- Prisma Access (Cloud Managed)
- Prisma Access (Panorama Managed)

What Do I Need?
Check for any license or role requirements for the products you're using:
- Prisma Access license or AIOps for NGFW license
For traffic that matches the attributes defined in a security policy, you can apply the following actions:
| Action | Description |
| --- | --- |
| Allow (default) | Allows the traffic. |
| Deny | Blocks traffic and enforces the default Deny Action defined for the application that is being denied. |
| Drop | Silently drops the traffic; for an application, it overrides the default deny action. A TCP reset isn't sent to the host/application. For Layer 3 interfaces, to optionally send an ICMP unreachable response to the client, set Action: Drop and enable the Send ICMP Unreachable check box. When enabled, the ICMP code sent is "communication with the destination is administratively prohibited" (ICMPv4: Type 3, Code 13; ICMPv6: Type 1, Code 1). |
| Reset client | Sends a TCP reset to the client-side device. |
| Reset server | Sends a TCP reset to the server-side device. |
| Reset both | Sends a TCP reset to both the client-side and server-side devices. |
A reset is sent only after a session is formed. If the session is blocked before a 3-way handshake is completed, the reset won't be sent.
For a TCP session with a reset action, an ICMP Unreachable response isn't sent.
For a UDP session with a drop or reset action, if the ICMP Unreachable check box is selected, an ICMP message to the client is sent.
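The following added example, which is not from the Palo Alto Networks documentation, classifies a packet captured on the client side by the response types described above, so that a rule's configured action can be checked against what the client actually receives. The function names, labels, and sample packets are constructed for illustration; a TCP reset or ICMP message seen in a capture is only consistent with the listed action, since other devices on the path can send the same packets.

```python
import struct

# ICMP "administratively prohibited" codes from the Drop row, keyed by
# IP protocol number: ICMPv4 (1) Type 3 Code 13; ICMPv6 (58) Type 1 Code 1.
ADMIN_PROHIBITED = {1: (3, 13), 58: (1, 1)}

def classify_response(packet: bytes) -> str:
    """Label a raw IP packet seen by the client (labels are hypothetical)."""
    if not packet:
        return "none"  # silent Drop, or blocked before the 3-way handshake
    version = packet[0] >> 4
    if version == 4 and len(packet) >= 20 and packet[0] & 0x0F >= 5:
        hdr_len, proto = (packet[0] & 0x0F) * 4, packet[9]
    elif version == 6 and len(packet) >= 40:
        hdr_len, proto = 40, packet[6]  # assumes no IPv6 extension headers
    else:
        return "malformed"
    payload = packet[hdr_len:]
    if proto == 6:  # TCP: flags are byte 13 of the header, RST is bit 0x04
        if len(payload) < 14:
            return "malformed"
        return "tcp-reset" if payload[13] & 0x04 else "other"
    if proto in ADMIN_PROHIBITED:  # ICMP header starts with type, code
        if len(payload) < 2:
            return "malformed"
        match = (payload[0], payload[1]) == ADMIN_PROHIBITED[proto]
        return "icmp-admin-prohibited" if match else "other"
    return "other"

# Constructed sample packets (documentation addresses, zeroed checksums).
def _ipv4(proto: int, payload: bytes) -> bytes:
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto,
                       0, bytes([198, 51, 100, 7]), bytes([192, 0, 2, 10])) + payload

def _ipv6(next_hdr: int, payload: bytes) -> bytes:
    return struct.pack("!IHBB16s16s", 0x60000000, len(payload), next_hdr, 64,
                       bytes(16), bytes(16)) + payload

TCP_RST = struct.pack("!HHIIBBHHH", 443, 50000, 0, 1, 0x50, 0x14, 0, 0, 0)
SAMPLES = {
    "drop, Send ICMP Unreachable, IPv4": _ipv4(1, bytes([3, 13, 0, 0, 0, 0, 0, 0])),
    "drop, Send ICMP Unreachable, IPv6": _ipv6(58, bytes([1, 1, 0, 0, 0, 0, 0, 0])),
    "reset client after handshake": _ipv4(6, TCP_RST),
    "drop without ICMP": b"",
    "ordinary port unreachable": _ipv4(1, bytes([3, 3, 0, 0, 0, 0, 0, 0])),
}

def classify_samples() -> dict:
    return {name: classify_response(pkt) for name, pkt in SAMPLES.items()}
```

Calling `classify_samples()` returns the label for each constructed packet; the port-unreachable sample (Type 3, Code 3) is labelled `other` because it does not carry the administratively prohibited code.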