https://live.paloaltonetworks.com/t5/general-topics/same-vulnerability-profile-for-dns-and-web-servers-security/m-p/205838#M60413 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/7608">@reaper</a></P><P>&nbsp;</P><P>Thanks for the reply. Sorry for late for coming back to this discussion.&nbsp;</P><P>&nbsp;</P><P>So you mean, regardless of the application, the session is scanned for all vulerability signatures by content engine? Its not like if application is identified as DNS then only DNS specific sigantures are checked against the session?&nbsp;</P> Fri, 16 Mar 2018 07:31:41 GMT faizankhurshid 2018-03-16T07:31:41Z https://live.paloaltonetworks.com/t5/general-topics/same-vulnerability-profile-for-dns-and-web-servers-security/m-p/202167#M59668 <P>Hi</P><P>&nbsp;</P><P>I am wondering, firewall does not have the option to make vulnerability protection profiles based on signature categories like vulnerability signatures for dns server and web server and then used them in security policies realted to dns only or web server only.</P><P>&nbsp;</P><P>in firewall, I can see I&nbsp;have just only one vulnerability protection profile and use in all polices either its for dns or web server. Is there any performance impact for this?</P> Sun, 25 Feb 2018 14:25:16 GMT https://live.paloaltonetworks.com/t5/general-topics/same-vulnerability-profile-for-dns-and-web-servers-security/m-p/202167#M59668 faizankhurshid 2018-02-25T14:25:16Z https://live.paloaltonetworks.com/t5/general-topics/same-vulnerability-profile-for-dns-and-web-servers-security/m-p/202233#M59678 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/82863">@faizankhurshid</a></P> <P>&nbsp;</P> <P>No</P> <P>&nbsp;</P> <P>The kind of application your profile touches is controlled by the security policy, but the content scanning process is the same for all your sessions. (the presense of a profile sends the packets to the content scanning engine and it will scan the session appropriately)</P> <P>&nbsp;</P> <P>The security profiles control the decission making process (alert, drop, block ip, ...) but not how the applications are scanned</P> Mon, 26 Feb 2018 09:39:08 GMT https://live.paloaltonetworks.com/t5/general-topics/same-vulnerability-profile-for-dns-and-web-servers-security/m-p/202233#M59678 reaper 2018-02-26T09:39:08Z https://live.paloaltonetworks.com/t5/general-topics/same-vulnerability-profile-for-dns-and-web-servers-security/m-p/205838#M60413 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/7608">@reaper</a></P><P>&nbsp;</P><P>Thanks for the reply. Sorry for late for coming back to this discussion.&nbsp;</P><P>&nbsp;</P><P>So you mean, regardless of the application, the session is scanned for all vulerability signatures by content engine? Its not like if application is identified as DNS then only DNS specific sigantures are checked against the session?&nbsp;</P> Fri, 16 Mar 2018 07:31:41 GMT https://live.paloaltonetworks.com/t5/general-topics/same-vulnerability-profile-for-dns-and-web-servers-security/m-p/205838#M60413 faizankhurshid 2018-03-16T07:31:41Z https://live.paloaltonetworks.com/t5/general-topics/same-vulnerability-profile-for-dns-and-web-servers-security/m-p/205860#M60415 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/82863">@faizankhurshid</a></P> <P>&nbsp;</P> <P>No</P> <P>&nbsp;</P> <P>The packet is handed over to the content scanning engine and it will inspect the packet as efficiently as possible,&nbsp;it uses protocol specific decoders, so if dns is detected it will be inspected by the dns decoder, if http is detected, it will be processed by the http decoder</P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 16 Mar 2018 08:05:41 GMT https://live.paloaltonetworks.com/t5/general-topics/same-vulnerability-profile-for-dns-and-web-servers-security/m-p/205860#M60415 reaper 2018-03-16T08:05:41Z https://live.paloaltonetworks.com/t5/general-topics/same-vulnerability-profile-for-dns-and-web-servers-security/m-p/206115#M60505 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/7608">@reaper</a>&nbsp;thanks&nbsp;</P><P>&nbsp;</P><P>Just last thing, if decoder is identified as DNS then still it will inspect all vulnerability signatures right?</P> Sat, 17 Mar 2018 08:04:11 GMT https://live.paloaltonetworks.com/t5/general-topics/same-vulnerability-profile-for-dns-and-web-servers-security/m-p/206115#M60505 faizankhurshid 2018-03-17T08:04:11Z https://live.paloaltonetworks.com/t5/general-topics/same-vulnerability-profile-for-dns-and-web-servers-security/m-p/206274#M60538 <P>yes, for dns related vulnerabilities</P> Mon, 19 Mar 2018 10:09:31 GMT https://live.paloaltonetworks.com/t5/general-topics/same-vulnerability-profile-for-dns-and-web-servers-security/m-p/206274#M60538 reaper 2018-03-19T10:09:31Z https://live.paloaltonetworks.com/t5/general-topics/same-vulnerability-profile-for-dns-and-web-servers-security/m-p/207343#M60787 <P>Thanks&nbsp;</P><P>&nbsp;</P><P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/7608">@reaper</a>&nbsp;I also observed for the application unknown-tcp, all vulnerabilities were checked in logs like IIS realted etc</P> Mon, 26 Mar 2018 07:49:09 GMT https://live.paloaltonetworks.com/t5/general-topics/same-vulnerability-profile-for-dns-and-web-servers-security/m-p/207343#M60787 faizankhurshid 2018-03-26T07:49:09Z https://live.paloaltonetworks.com/t5/general-topics/same-vulnerability-profile-for-dns-and-web-servers-security/m-p/207364#M60793 <P>hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/82863">@faizankhurshid</a></P> <P>&nbsp;</P> <P>unknown-tcp does not have a decoder (because it is unknown) so is checked for all vulnerabilities</P> Mon, 26 Mar 2018 09:30:22 GMT https://live.paloaltonetworks.com/t5/general-topics/same-vulnerability-profile-for-dns-and-web-servers-security/m-p/207364#M60793 reaper 2018-03-26T09:30:22Z