https://live.paloaltonetworks.com/t5/globalprotect-discussions/brute-force-attack-protection-on-globalprotect-portal-page-isn-t/m-p/998128#M6249 <P>- We have a <SPAN>&nbsp;Vulnerability Protection for&nbsp;</SPAN>threat<SPAN>&nbsp;ID 40017 SSL VPN Authentication Brute Force Attempt in place.</SPAN></P> <P>- With default Time attribute as 10 hits per 60 seconds, action as Block IP and have called in the security policy but it is not being triggered.</P> <P>- reference <A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClJ2CAK" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClJ2CAK</A></P> <P><LI-WRAPPER></LI-WRAPPER></P> <P>- We have already added 40017 in the Vulnerability Protection Profile - exceptions and were able to find it there.</P> <P>- The commit is successful, but we see the warning in the commit window as:</P> <UL> <LI>Error: Profile compiler : can not find tid 40017, utid 0 in threat database</LI> <LI>Warning: No valid threat content package exists</LI> <LI>vsys1</LI> </UL> <P>- We have the latest App and threat package installed in dynamic updates already</P> <P>- But we have Threat Prevention license as Trial license would this be the root cause of this? or Any other suggestions?</P> <P>&nbsp;</P> <P>Thanks in Advance.</P> <P>&nbsp;</P> Thu, 12 Dec 2024 21:19:00 GMT Param_Upadhyay 2024-12-12T21:19:00Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/brute-force-attack-protection-on-globalprotect-portal-page-isn-t/m-p/998128#M6249 <P>- We have a <SPAN>&nbsp;Vulnerability Protection for&nbsp;</SPAN>threat<SPAN>&nbsp;ID 40017 SSL VPN Authentication Brute Force Attempt in place.</SPAN></P> <P>- With default Time attribute as 10 hits per 60 seconds, action as Block IP and have called in the security policy but it is not being triggered.</P> <P>- reference <A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClJ2CAK" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClJ2CAK</A></P> <P><LI-WRAPPER></LI-WRAPPER></P> <P>- We have already added 40017 in the Vulnerability Protection Profile - exceptions and were able to find it there.</P> <P>- The commit is successful, but we see the warning in the commit window as:</P> <UL> <LI>Error: Profile compiler : can not find tid 40017, utid 0 in threat database</LI> <LI>Warning: No valid threat content package exists</LI> <LI>vsys1</LI> </UL> <P>- We have the latest App and threat package installed in dynamic updates already</P> <P>- But we have Threat Prevention license as Trial license would this be the root cause of this? or Any other suggestions?</P> <P>&nbsp;</P> <P>Thanks in Advance.</P> <P>&nbsp;</P> Thu, 12 Dec 2024 21:19:00 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/brute-force-attack-protection-on-globalprotect-portal-page-isn-t/m-p/998128#M6249 Param_Upadhyay 2024-12-12T21:19:00Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/brute-force-attack-protection-on-globalprotect-portal-page-isn-t/m-p/998688#M6260 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/220048">@Param_Upadhyay</a>&nbsp;,</P> <P>&nbsp;</P> <P>Can you navigate to your Vulnerability Protection profiles (Objects -&gt; Security Profiles -&gt; Vulnerability Protection) and search for the threat ID. Open up any of your profiles or you can click add (you can cancel out once done), click on the Exceptions tab, and select Show all signatures. Do you see any threats populate? Next, can you search for "40017", do you see the threat pop up?&nbsp;</P> Tue, 17 Dec 2024 21:35:49 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/brute-force-attack-protection-on-globalprotect-portal-page-isn-t/m-p/998688#M6260 JayGolf 2024-12-17T21:35:49Z