https://live.paloaltonetworks.com/t5/general-topics/session-end-reason-threat/m-p/285696#M76466 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/75039">@MP18</a>&nbsp;If one of the security-profiles noticed a threat, you configured to be blocked, that is the behavior what you want a NGFW to perform - everything alright.</P><P>You should validate, which threat-ids are generated and if these are false-positives or real threats.</P><P>I would not recommend to disable security-profiles on production traffic</P> Thu, 29 Aug 2019 10:48:32 GMT Chacko42 2019-08-29T10:48:32Z https://live.paloaltonetworks.com/t5/general-topics/session-end-reason-threat/m-p/285650#M76453 <P>&nbsp;</P><P>We have vendor traffic coming to PA and session end reason is threat.</P><P>Under threat i can see the threat id number</P><P>They are lot of them</P><P>&nbsp;</P><P>For easy way I have disabled the security profile vulner protection for that rule.</P><P>&nbsp;</P><P>Need to confirm by doing this PA should not end the session with threat right?</P> Wed, 28 Aug 2019 23:32:04 GMT https://live.paloaltonetworks.com/t5/general-topics/session-end-reason-threat/m-p/285650#M76453 MP18 2019-08-28T23:32:04Z https://live.paloaltonetworks.com/t5/general-topics/session-end-reason-threat/m-p/285696#M76466 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/75039">@MP18</a>&nbsp;If one of the security-profiles noticed a threat, you configured to be blocked, that is the behavior what you want a NGFW to perform - everything alright.</P><P>You should validate, which threat-ids are generated and if these are false-positives or real threats.</P><P>I would not recommend to disable security-profiles on production traffic</P> Thu, 29 Aug 2019 10:48:32 GMT https://live.paloaltonetworks.com/t5/general-topics/session-end-reason-threat/m-p/285696#M76466 Chacko42 2019-08-29T10:48:32Z