Security Policy Actions
For traffic that matches the attributes defined in a security policy, you can apply the following actions:
Allows the traffic.
Blocks traffic and enforces the default Deny Action defined for the application that is being denied. To view the deny action defined by default for an application, view the application details in ObjectsApplications or check the application details in Applipedia.
Silently drops the traffic; for an application, it overrides the default deny action. A TCP reset is not sent to the host/application.
For Layer 3 interfaces, to optionally send an ICMP unreachable response to the client, set Action: Drop and enable the Send ICMP Unreachable check box. When enabled, the firewall sends the ICMP code for communication with the destination is administratively prohibited—ICMPv4: Type 3, Code 13; ICMPv6: Type 1, Code 1.
Sends a TCP reset to the client-side device.
Sends a TCP reset to the server-side device.
Sends a TCP reset to both the client-side and server-side devices.
A reset is sent only after a session is formed. If the session is blocked before a 3-way handshake is completed, the firewall will not send the reset.
For a TCP session with a reset action, the firewall does not send an ICMP Unreachable response.
For a UDP session with a drop or reset action, if the ICMP Unreachable check box is selected, the firewall sends an ICMP message to the client.
Overriding or Reverting a Security Policy Rule
Overriding or Reverting a Security Policy Rule The default security rules—interzone-default and intrazone-default—have predefined settings that you can override on a firewall or on Panorama. ...
Building Blocks in a Security Policy Rule
Building Blocks in a Security Policy Rule Policies > Security The following section describes each component in a Security policy rule . When you create ...
Tunnel Inspection Log Fields
Tunnel Inspection Log Fields Format : FUTURE_USE, Receive Time, Serial Number, Type, Subtype, FUTURE_USE, Generated Time, Source Address, Destination Address, NAT Source IP, NAT Destination ...
Actions in Security Profiles
Actions in Security Profiles The action specifies how the firewall responds to a threat event. Every threat or virus signature that is defined by Palo ...
Security Profiles While security policy rules enable you to allow or block traffic on your network, security profiles help you define an allow but scan ...
Traffic Log Fields
Traffic Log Fields Format: FUTURE_USE, Receive Time, Serial Number, Type, Threat/Content Type, FUTURE_USE, Generated Time, Source Address, Destination Address, NAT Source IP, NAT Destination IP, ...
Step 3: Create the Application Block Rules
Step 3: Create the Application Block Rules Although the overall goal of your security policy is to safely enable applications using application whitelist rules (also ...
Traffic Logs Traffic logs display an entry for the start and end of each session. Each entry includes the following information: date and time; source ...
Security Policy Rules Based on ICMP and ICMPv6 Packets
Security Policy Rules Based on ICMP and ICMPv6 Packets The firewall forwards ICMP or ICMPv6 packets only if a security policy rule allows the session ...