topic Re: What is the Palo Alto recommended standard for Vulnerabilty Profiles, is it to block Critical and High Alerts? or to block medium alerts as well? in Next-Generation Firewall Discussions https://live.paloaltonetworks.com/t5/next-generation-firewall/what-is-the-palo-alto-recommended-standard-for-vulnerabilty/m-p/1245796#M6609 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/884110887">@J.Yeleti</a>&nbsp;,</P> <P>&nbsp;</P> <P>The recommended standard <U>in the documentation</U> is to monitor and determine which ones you should block.&nbsp; &nbsp;<A href="https://docs.paloaltonetworks.com/best-practices/internet-gateway-best-practices/best-practice-internet-gateway-security-policy/transition-safely-to-best-practice-security-profiles/transition-vulnerability-protection-profiles-safely-to-best-practices" target="_blank">https://docs.paloaltonetworks.com/best-practices/internet-gateway-best-practices/best-practice-internet-gateway-security-policy/transition-safely-to-best-practice-security-profiles/transition-vulnerability-protection-profiles-safely-to-best-practices</A></P> <P>&nbsp;</P> <P>However, if you run a Best Practice Assessment (BPA) from Strata Cloud Manager (SCM) (formerly AIOps) (There is a free version.) or if you download a Day 1 Configuration from the Customer Service Portal (CSP), then you will get more specific guidelines.</P> <P>&nbsp;</P> <P>Below is a screenshot of my Vulnerability Profiles from the Day 1 Configuration fine-tuned with recommendations from the BPA.&nbsp; Medium vulnerabilities are blocked for inbound and outbound traffic, but alerted for internal traffic.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="TomYoung_0-1768578810603.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/70381i0378ABB3BE3ED4EA/image-size/medium?v=v2&amp;px=400" role="button" title="TomYoung_0-1768578810603.png" alt="TomYoung_0-1768578810603.png" /></span></P> <P>&nbsp;</P> <P>Thanks,</P> <P>&nbsp;</P> <P>Tom</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 16 Jan 2026 15:59:34 GMT TomYoung 2026-01-16T15:59:34Z What is the Palo Alto recommended standard for Vulnerabilty Profiles, is it to block Critical and High Alerts? or to block medium alerts as well? https://live.paloaltonetworks.com/t5/next-generation-firewall/what-is-the-palo-alto-recommended-standard-for-vulnerabilty/m-p/1245794#M6608 <P>What is the Palo Alto recommended standard for Vulnerabilty Profiles, is it to block Critical and High Alerts? or to block medium alerts as well?</P> Fri, 16 Jan 2026 15:00:17 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/what-is-the-palo-alto-recommended-standard-for-vulnerabilty/m-p/1245794#M6608 J.Yeleti 2026-01-16T15:00:17Z Re: What is the Palo Alto recommended standard for Vulnerabilty Profiles, is it to block Critical and High Alerts? or to block medium alerts as well? https://live.paloaltonetworks.com/t5/next-generation-firewall/what-is-the-palo-alto-recommended-standard-for-vulnerabilty/m-p/1245796#M6609 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/884110887">@J.Yeleti</a>&nbsp;,</P> <P>&nbsp;</P> <P>The recommended standard <U>in the documentation</U> is to monitor and determine which ones you should block.&nbsp; &nbsp;<A href="https://docs.paloaltonetworks.com/best-practices/internet-gateway-best-practices/best-practice-internet-gateway-security-policy/transition-safely-to-best-practice-security-profiles/transition-vulnerability-protection-profiles-safely-to-best-practices" target="_blank">https://docs.paloaltonetworks.com/best-practices/internet-gateway-best-practices/best-practice-internet-gateway-security-policy/transition-safely-to-best-practice-security-profiles/transition-vulnerability-protection-profiles-safely-to-best-practices</A></P> <P>&nbsp;</P> <P>However, if you run a Best Practice Assessment (BPA) from Strata Cloud Manager (SCM) (formerly AIOps) (There is a free version.) or if you download a Day 1 Configuration from the Customer Service Portal (CSP), then you will get more specific guidelines.</P> <P>&nbsp;</P> <P>Below is a screenshot of my Vulnerability Profiles from the Day 1 Configuration fine-tuned with recommendations from the BPA.&nbsp; Medium vulnerabilities are blocked for inbound and outbound traffic, but alerted for internal traffic.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="TomYoung_0-1768578810603.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/70381i0378ABB3BE3ED4EA/image-size/medium?v=v2&amp;px=400" role="button" title="TomYoung_0-1768578810603.png" alt="TomYoung_0-1768578810603.png" /></span></P> <P>&nbsp;</P> <P>Thanks,</P> <P>&nbsp;</P> <P>Tom</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 16 Jan 2026 15:59:34 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/what-is-the-palo-alto-recommended-standard-for-vulnerabilty/m-p/1245796#M6609 TomYoung 2026-01-16T15:59:34Z