https://live.paloaltonetworks.com/t5/general-topics/question-regarding-reporting/m-p/9342#M6846 <HTML><HEAD></HEAD><BODY><P>Hi All!</P><P></P><P>I'm responsible for Security Analysis at a Telecommunications company up in New England. We've recently deployed Palo Alto firewalls to all sites, and I am currently going through PDF Reports manually while we get Splunk installed.</P><P></P><P>One thing that confuses me is that occasionally, when doing a custom report, we get a traffic action I'm not familiar with. Typically we see 'alert' or 'drop all packets'. However, in one of our sites, we're seeing traffic labeled as 'reset-both' (image below, fifth line. This report is custom, created from the threat logs at this site).</P><P></P><P>Can someone explain what this action means in comparison to 'drop all packets'? Thanks!</P><P></P><P>-Travis Fitzgerald<IMG alt="paquestion.bmp" class="jive-image-thumbnail jive-image" height="290" src="https://live.paloaltonetworks.com/legacyfs/online/6872_paquestion.bmp" style="height: 290px; width: 737.2881355932203px;" width="737" /></P></BODY></HTML> Tue, 11 Jun 2013 13:56:57 GMT tfitzgerald 2013-06-11T13:56:57Z https://live.paloaltonetworks.com/t5/general-topics/question-regarding-reporting/m-p/9342#M6846 <HTML><HEAD></HEAD><BODY><P>Hi All!</P><P></P><P>I'm responsible for Security Analysis at a Telecommunications company up in New England. We've recently deployed Palo Alto firewalls to all sites, and I am currently going through PDF Reports manually while we get Splunk installed.</P><P></P><P>One thing that confuses me is that occasionally, when doing a custom report, we get a traffic action I'm not familiar with. Typically we see 'alert' or 'drop all packets'. However, in one of our sites, we're seeing traffic labeled as 'reset-both' (image below, fifth line. This report is custom, created from the threat logs at this site).</P><P></P><P>Can someone explain what this action means in comparison to 'drop all packets'? Thanks!</P><P></P><P>-Travis Fitzgerald<IMG alt="paquestion.bmp" class="jive-image-thumbnail jive-image" height="290" src="https://live.paloaltonetworks.com/legacyfs/online/6872_paquestion.bmp" style="height: 290px; width: 737.2881355932203px;" width="737" /></P></BODY></HTML> Tue, 11 Jun 2013 13:56:57 GMT https://live.paloaltonetworks.com/t5/general-topics/question-regarding-reporting/m-p/9342#M6846 tfitzgerald 2013-06-11T13:56:57Z https://live.paloaltonetworks.com/t5/general-topics/question-regarding-reporting/m-p/9343#M6847 <HTML><HEAD></HEAD><BODY><P><SPAN style="font-family: 'Lucida Grande', 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 12.222222328186035px; background-color: #ffffff;"> Reset-both: When selected as the action on the signature, the firewall will drop the packet and send a TCP reset to both client and server.&nbsp; This action is available in vulnerability protection exceptions.</SPAN></P><P><SPAN style="margin: 0 0 10px; font-style: inherit; font-size: 12.222222328186035px; font-family: inherit;">&nbsp; Drop-all-Packets: When selected as the action on the signature, the firewall will drop every subsequent packet for that connection.&nbsp; This action is available in vulnerability protection exceptions.</SPAN></P></BODY></HTML> Tue, 11 Jun 2013 14:11:29 GMT https://live.paloaltonetworks.com/t5/general-topics/question-regarding-reporting/m-p/9343#M6847 gswcowboy 2013-06-11T14:11:29Z https://live.paloaltonetworks.com/t5/general-topics/question-regarding-reporting/m-p/9344#M6848 <HTML><HEAD></HEAD><BODY><P>Awesome, thanks. That's just what I needed.</P></BODY></HTML> Tue, 11 Jun 2013 14:16:04 GMT https://live.paloaltonetworks.com/t5/general-topics/question-regarding-reporting/m-p/9344#M6848 tfitzgerald 2013-06-11T14:16:04Z