https://live.paloaltonetworks.com/t5/general-topics/threat-logs-type-vulnerability-and-spyware-action-reset-both-and/m-p/234350#M67182 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/75039">@MP18</a>,</P><P>"does this mean that if it is DNS query traffic this will time out the traffic?</P><P>Threat ID here is 54122" (54122 isn't showing as a valid Vulnerability signature btw)</P><P><FONT color="#FF0000">If the action is reset-both a reset will be sent to both the Source and Destination; essentially the firewall lets the devices know that it's closing the connection. With DNS traffic I'm not positive that will really matter, since the DNS request doesn't get a result it'll probably simply look like the traffic timed-out from the client side of things.&nbsp;</FONT></P><P>&nbsp;</P><P>as name says it will drop the traffic right?</P><P><FONT color="#FF0000">Correct, nothing is sent to the client or the server and the connection is simply dropped on the firewall.&nbsp;</FONT></P><P>&nbsp;</P><P>so if server is doing dns query to dns server how the action reset both and drop works?</P><P><FONT color="#FF0000">Specific to DNS queries I believe that either method will visually look the same. Since the client never gets a valid response it should show that it aged_out without a response from the client side of things.&nbsp;</FONT></P> Mon, 08 Oct 2018 02:54:37 GMT BPry 2018-10-08T02:54:37Z https://live.paloaltonetworks.com/t5/general-topics/threat-logs-type-vulnerability-and-spyware-action-reset-both-and/m-p/234335#M67179 <P>&nbsp;</P><P>Under threats logs i see type as :</P><P>&nbsp;</P><P>type&nbsp; vulnerability&nbsp; &nbsp;action - reset both-----------sev is high</P><P>&nbsp;</P><P>does this mean that if it is DNS query traffic this will time out the traffic?</P><P>Threat ID here is 54122</P><P>&nbsp;</P><P>type&nbsp; spyware&nbsp; &nbsp;action is drop --------------sev is drop</P><P>&nbsp;</P><P>as name says it will drop the traffic right?</P><P>&nbsp;</P><P>so if server is doing dns query to dns server how the action reset both and drop works?</P><P>&nbsp;</P><P>Regards</P><P>Mike</P> Sun, 07 Oct 2018 20:59:44 GMT https://live.paloaltonetworks.com/t5/general-topics/threat-logs-type-vulnerability-and-spyware-action-reset-both-and/m-p/234335#M67179 MP18 2018-10-07T20:59:44Z https://live.paloaltonetworks.com/t5/general-topics/threat-logs-type-vulnerability-and-spyware-action-reset-both-and/m-p/234350#M67182 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/75039">@MP18</a>,</P><P>"does this mean that if it is DNS query traffic this will time out the traffic?</P><P>Threat ID here is 54122" (54122 isn't showing as a valid Vulnerability signature btw)</P><P><FONT color="#FF0000">If the action is reset-both a reset will be sent to both the Source and Destination; essentially the firewall lets the devices know that it's closing the connection. With DNS traffic I'm not positive that will really matter, since the DNS request doesn't get a result it'll probably simply look like the traffic timed-out from the client side of things.&nbsp;</FONT></P><P>&nbsp;</P><P>as name says it will drop the traffic right?</P><P><FONT color="#FF0000">Correct, nothing is sent to the client or the server and the connection is simply dropped on the firewall.&nbsp;</FONT></P><P>&nbsp;</P><P>so if server is doing dns query to dns server how the action reset both and drop works?</P><P><FONT color="#FF0000">Specific to DNS queries I believe that either method will visually look the same. Since the client never gets a valid response it should show that it aged_out without a response from the client side of things.&nbsp;</FONT></P> Mon, 08 Oct 2018 02:54:37 GMT https://live.paloaltonetworks.com/t5/general-topics/threat-logs-type-vulnerability-and-spyware-action-reset-both-and/m-p/234350#M67182 BPry 2018-10-08T02:54:37Z https://live.paloaltonetworks.com/t5/general-topics/threat-logs-type-vulnerability-and-spyware-action-reset-both-and/m-p/234356#M67185 <P>it is always pleasure to read reply from you.</P><P>Can you please explain --</P><P>&nbsp;</P><P><FONT color="#ff0000">since the DNS request doesn't get a result </FONT>?</P> Mon, 08 Oct 2018 06:08:42 GMT https://live.paloaltonetworks.com/t5/general-topics/threat-logs-type-vulnerability-and-spyware-action-reset-both-and/m-p/234356#M67185 MP18 2018-10-08T06:08:42Z https://live.paloaltonetworks.com/t5/general-topics/threat-logs-type-vulnerability-and-spyware-action-reset-both-and/m-p/234537#M67239 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/75039">@MP18</a>,</P><P>If the traffic is being reset the DNS request wouldn't recieve a response from the DNS server.&nbsp;</P> Tue, 09 Oct 2018 02:45:54 GMT https://live.paloaltonetworks.com/t5/general-topics/threat-logs-type-vulnerability-and-spyware-action-reset-both-and/m-p/234537#M67239 BPry 2018-10-09T02:45:54Z