https://live.paloaltonetworks.com/t5/general-topics/block-page-for-vulnerability-protection/m-p/31867#M23324 <HTML><HEAD></HEAD><BODY><P>Ahh yes sorry, was thinking of something else.</P><P></P><P>"Vuln protection" in PAN is the IDP engine which acts at session-control level (just dropping the packets or sending tcp-rst's to make server and/or client to drop the connection).</P><P></P><P>Current possible response pages seems to be (which you also can make your own versions of):</P><P></P><P>- Default Antivirus Response Page</P><P>- Default Application Block Page</P><P>- Default File Blocking Block Page</P><P>- Default URL Filtering Response Page</P><P>- Default Anti-Spyware Download Response Page</P><P>- Default Decryption Opt-out Response Page</P><P>- Captive Portal Comfort Page</P><P>- URL Filtering Continue and Override Page</P><P>- SSL VPN Login Page</P><P>- SSL Certificate Revoked Notify Page</P></BODY></HTML> Thu, 29 Mar 2012 06:13:20 GMT mikand 2012-03-29T06:13:20Z https://live.paloaltonetworks.com/t5/general-topics/block-page-for-vulnerability-protection/m-p/31864#M23321 <HTML><HEAD></HEAD><BODY><P>I have been testing the security profile for vulnerability protection.&nbsp; I set the action for all critical threats to block. What should I expect to see on the user computer screen if a site does contain a critical threat recognized by Palo Alto?&nbsp; Should the user see a block page?</P></BODY></HTML> Tue, 27 Mar 2012 21:09:58 GMT https://live.paloaltonetworks.com/t5/general-topics/block-page-for-vulnerability-protection/m-p/31864#M23321 oshcomp 2012-03-27T21:09:58Z https://live.paloaltonetworks.com/t5/general-topics/block-page-for-vulnerability-protection/m-p/31865#M23322 <HTML><HEAD></HEAD><BODY><P>If the client is using a browser it should see the block page which informs the client of why access have been blocked.</P><P></P><P>Dont forget to enable ssl-termination in order to inspect (and block) bad stuff using https.</P><P></P><P>You can also make custom block pages if you wish (for example if you wish to use a different design/layout or for that matter use a local language).</P><P></P><P>Check the PA-4.1_Administrators_Guide.pdf for more info (search for "block page").</P></BODY></HTML> Tue, 27 Mar 2012 22:06:54 GMT https://live.paloaltonetworks.com/t5/general-topics/block-page-for-vulnerability-protection/m-p/31865#M23322 mikand 2012-03-27T22:06:54Z https://live.paloaltonetworks.com/t5/general-topics/block-page-for-vulnerability-protection/m-p/31866#M23323 <HTML><HEAD></HEAD><BODY><P>No, the user would not see a block page for a vulnerability exploit that was detected. If a specially crafted web page contained an exploit, we would take the action associated with that signature on the profile, i.e. drop all packets and send a tcp reset to the client, server, or both, alert, etc. We don't have a block page for vulnerability protection. </P></BODY></HTML> Wed, 28 Mar 2012 23:49:59 GMT https://live.paloaltonetworks.com/t5/general-topics/block-page-for-vulnerability-protection/m-p/31866#M23323 fredallee 2012-03-28T23:49:59Z https://live.paloaltonetworks.com/t5/general-topics/block-page-for-vulnerability-protection/m-p/31867#M23324 <HTML><HEAD></HEAD><BODY><P>Ahh yes sorry, was thinking of something else.</P><P></P><P>"Vuln protection" in PAN is the IDP engine which acts at session-control level (just dropping the packets or sending tcp-rst's to make server and/or client to drop the connection).</P><P></P><P>Current possible response pages seems to be (which you also can make your own versions of):</P><P></P><P>- Default Antivirus Response Page</P><P>- Default Application Block Page</P><P>- Default File Blocking Block Page</P><P>- Default URL Filtering Response Page</P><P>- Default Anti-Spyware Download Response Page</P><P>- Default Decryption Opt-out Response Page</P><P>- Captive Portal Comfort Page</P><P>- URL Filtering Continue and Override Page</P><P>- SSL VPN Login Page</P><P>- SSL Certificate Revoked Notify Page</P></BODY></HTML> Thu, 29 Mar 2012 06:13:20 GMT https://live.paloaltonetworks.com/t5/general-topics/block-page-for-vulnerability-protection/m-p/31867#M23324 mikand 2012-03-29T06:13:20Z