https://live.paloaltonetworks.com/t5/next-generation-firewall/how-to-test-a-vulnerability-protection-rule/m-p/533682#M1001 <P>Hello Everyone,</P> <P>I have a use case that I’m trying to test in a lab, but I can’t figure out how to perform the test, and I’m looking for guidance.</P> <P>&nbsp;</P> <P>My use case is to drop traffic if the firewall detects certain CVE vulnerabilities in the traffic. My question is, how can I actually test this if my test endpoint is not vulnerable, or I do not know of a server with vulnerabilities?</P> Wed, 08 Mar 2023 21:52:26 GMT JasonMcNulty 2023-03-08T21:52:26Z https://live.paloaltonetworks.com/t5/next-generation-firewall/how-to-test-a-vulnerability-protection-rule/m-p/533682#M1001 <P>Hello Everyone,</P> <P>I have a use case that I’m trying to test in a lab, but I can’t figure out how to perform the test, and I’m looking for guidance.</P> <P>&nbsp;</P> <P>My use case is to drop traffic if the firewall detects certain CVE vulnerabilities in the traffic. My question is, how can I actually test this if my test endpoint is not vulnerable, or I do not know of a server with vulnerabilities?</P> Wed, 08 Mar 2023 21:52:26 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/how-to-test-a-vulnerability-protection-rule/m-p/533682#M1001 JasonMcNulty 2023-03-08T21:52:26Z https://live.paloaltonetworks.com/t5/next-generation-firewall/how-to-test-a-vulnerability-protection-rule/m-p/534113#M1010 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/104461">@JasonMcNulty</a></P> <P>&nbsp;</P> <P>in lab environment I would recommend to deploy a VM with&nbsp;<SPAN>DVWA&nbsp;<A href="https://github.com/digininja/DVWA" target="_self">Ref</A>&nbsp;, then build another VM running vulnerability scanners for example OpenVAS, Metasploit. All these are open source or have free version. As next step, please each VM into own zone, apply policy with security profiles and start scanning the&nbsp;DVWA server.</SPAN></P> <P>&nbsp;</P> <P><SPAN>Kind Regards</SPAN></P> <P><SPAN>Pavel</SPAN></P> Sat, 11 Mar 2023 23:44:02 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/how-to-test-a-vulnerability-protection-rule/m-p/534113#M1010 PavelK 2023-03-11T23:44:02Z https://live.paloaltonetworks.com/t5/next-generation-firewall/how-to-test-a-vulnerability-protection-rule/m-p/534188#M1013 <P>Thanks for the reply Pavel! I have created a DVWA server and I think you provided me with the final pice of the puzzle, which is to scan that server! That is what I did not try.</P> <P>&nbsp;</P> <P>&nbsp;</P> Mon, 13 Mar 2023 14:07:56 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/how-to-test-a-vulnerability-protection-rule/m-p/534188#M1013 JasonMcNulty 2023-03-13T14:07:56Z