https://live.paloaltonetworks.com/t5/general-topics/make-exception-in-vulnerability/m-p/132753#M47117 <P>you can also tweak the number of hits required for the signature to trigger :</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="tweak brute force.png"><img src="https://live.paloaltonetworks.com/skins/images/2F2A72B3BE70ACC5EBC3E1D7685F5297/responsive_peak/images/image_not_found.png" alt="tweak brute force.png" /></span></P> <P>&nbsp;</P> <P>this way you can still leverage the added protection this signature offers on top of DoS protection</P> <P>&nbsp;</P> <P>or simply add the server to the exceptions and still apply the signature to all other traffic</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="tweak brute force2.png"><img src="https://live.paloaltonetworks.com/skins/images/2F2A72B3BE70ACC5EBC3E1D7685F5297/responsive_peak/images/image_not_found.png" alt="tweak brute force2.png" /></span></P> Wed, 14 Dec 2016 08:58:27 GMT reaper 2016-12-14T08:58:27Z https://live.paloaltonetworks.com/t5/general-topics/make-exception-in-vulnerability/m-p/132687#M47104 <P>For our website we host a database in our DMZ network. When we recieve a lot of calls from the website to the database the connection get a reset because the firewall see this as an attack (40031). Is there a way to configurate that the firewall allow more connections but that we are still save for attacks?</P> Tue, 13 Dec 2016 20:12:12 GMT https://live.paloaltonetworks.com/t5/general-topics/make-exception-in-vulnerability/m-p/132687#M47104 ZEBIT 2016-12-13T20:12:12Z https://live.paloaltonetworks.com/t5/general-topics/make-exception-in-vulnerability/m-p/132695#M47105 <P>You could just make an exception for that server and then setup DoS protection for the server. It won't protect against HTTP unauthorized brute-force attempts per say, but usually when people launch an attack like this they would do it in a way that will trip a DoS profile.&nbsp;</P> Tue, 13 Dec 2016 20:48:20 GMT https://live.paloaltonetworks.com/t5/general-topics/make-exception-in-vulnerability/m-p/132695#M47105 BPry 2016-12-13T20:48:20Z https://live.paloaltonetworks.com/t5/general-topics/make-exception-in-vulnerability/m-p/132728#M47110 <P>Hi BPry,</P><P>&nbsp;</P><P>Thanks for the info. Can you give me some more information about how to setup the right settings?</P> Wed, 14 Dec 2016 06:22:03 GMT https://live.paloaltonetworks.com/t5/general-topics/make-exception-in-vulnerability/m-p/132728#M47110 ZEBIT 2016-12-14T06:22:03Z https://live.paloaltonetworks.com/t5/general-topics/make-exception-in-vulnerability/m-p/132738#M47112 <P>Hi,</P><P>&nbsp;</P><P>You can add an exception in the security profile on the basis of IP address and what it will do that it will not consider/identify this specific Threat for this source/destination.</P><P>&nbsp;</P><P>Or, if you have specific security profile configured for this web server only, you can change the default action of this specific threat in the security profile, but make sure that it's not in use anywhere else at all, otherwise it will affect all.</P><P>&nbsp;</P><P>DoS profile can be configured to provide protection against flood attack, it's an end host protection.</P><P>&nbsp;</P><P>Best Regards,</P><P>&nbsp;</P><P>Fozail</P> Wed, 14 Dec 2016 07:37:19 GMT https://live.paloaltonetworks.com/t5/general-topics/make-exception-in-vulnerability/m-p/132738#M47112 fozail 2016-12-14T07:37:19Z https://live.paloaltonetworks.com/t5/general-topics/make-exception-in-vulnerability/m-p/132753#M47117 <P>you can also tweak the number of hits required for the signature to trigger :</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="tweak brute force.png"><img src="https://live.paloaltonetworks.com/skins/images/2F2A72B3BE70ACC5EBC3E1D7685F5297/responsive_peak/images/image_not_found.png" alt="tweak brute force.png" /></span></P> <P>&nbsp;</P> <P>this way you can still leverage the added protection this signature offers on top of DoS protection</P> <P>&nbsp;</P> <P>or simply add the server to the exceptions and still apply the signature to all other traffic</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="tweak brute force2.png"><img src="https://live.paloaltonetworks.com/skins/images/2F2A72B3BE70ACC5EBC3E1D7685F5297/responsive_peak/images/image_not_found.png" alt="tweak brute force2.png" /></span></P> Wed, 14 Dec 2016 08:58:27 GMT https://live.paloaltonetworks.com/t5/general-topics/make-exception-in-vulnerability/m-p/132753#M47117 reaper 2016-12-14T08:58:27Z https://live.paloaltonetworks.com/t5/general-topics/make-exception-in-vulnerability/m-p/132764#M47118 <P>All these answers helped me to configure a good policy.<BR /><BR />Thanks all!</P> Wed, 14 Dec 2016 09:22:39 GMT https://live.paloaltonetworks.com/t5/general-topics/make-exception-in-vulnerability/m-p/132764#M47118 ZEBIT 2016-12-14T09:22:39Z