https://live.paloaltonetworks.com/t5/general-topics/quarantine-functions/m-p/44884#M32958 <HTML><HEAD></HEAD><BODY><P>You mean like a ratelimiting but for the Threat Prevention functions?</P><P></P><P>IMHO that doesnt make sense... you want to allow bad traffic but block the bad traffic for lets say 5 minutes and then allow the bad traffic again?</P><P></P><P>Or could you perhaps describe the usercase in more detail?</P></BODY></HTML> Wed, 01 Feb 2012 19:11:01 GMT mikand 2012-02-01T19:11:01Z https://live.paloaltonetworks.com/t5/general-topics/quarantine-functions/m-p/44883#M32957 <HTML><HEAD></HEAD><BODY><P>I have&nbsp; a customer who is familiar with ISS Proventias.&nbsp; This customer is trying to match capabilities of the ISS to PA.&nbsp;&nbsp; I have answered all his questiosn/ matchups with IPS rule to a Vulnerability Protection policy+ Malware/Spyware policy, but I am not sur ehow to address this quarantine question with him.</P><P></P><P>In the ISS Proventia, you can set a time limit to block traffic hitting an IPS rule, "quarantining" for a period of time.&nbsp;&nbsp; I can't seem to find this capabiity in the actions, etc.</P><P></P><P>Please advise!</P><P></P><P>Thanks!</P><P></P><P>Cam</P></BODY></HTML> Wed, 01 Feb 2012 17:10:42 GMT https://live.paloaltonetworks.com/t5/general-topics/quarantine-functions/m-p/44883#M32957 cwilliams 2012-02-01T17:10:42Z https://live.paloaltonetworks.com/t5/general-topics/quarantine-functions/m-p/44884#M32958 <HTML><HEAD></HEAD><BODY><P>You mean like a ratelimiting but for the Threat Prevention functions?</P><P></P><P>IMHO that doesnt make sense... you want to allow bad traffic but block the bad traffic for lets say 5 minutes and then allow the bad traffic again?</P><P></P><P>Or could you perhaps describe the usercase in more detail?</P></BODY></HTML> Wed, 01 Feb 2012 19:11:01 GMT https://live.paloaltonetworks.com/t5/general-topics/quarantine-functions/m-p/44884#M32958 mikand 2012-02-01T19:11:01Z https://live.paloaltonetworks.com/t5/general-topics/quarantine-functions/m-p/44885#M32959 <HTML><HEAD></HEAD><BODY><P>cwilliams, is this an example you are thinking of?</P><P></P><P>Say that the Firewall detects a port scan from a particular IP address. What some IPS devices do is block that all traffic from that IP address for a certain amount of time, say 10 minutes. Once that timer expires, traffic is then permitted from that IP, until anoher violation occurs.</P></BODY></HTML> Thu, 02 Feb 2012 04:48:32 GMT https://live.paloaltonetworks.com/t5/general-topics/quarantine-functions/m-p/44885#M32959 ekerstetter 2012-02-02T04:48:32Z