https://live.paloaltonetworks.com/t5/general-topics/different-actions-for-security-rules/m-p/385335#M90131 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/163084">@Nikko</a> ,</P> <P>&nbsp;</P> <P>Here are all actions explained:</P> <P>&nbsp;</P> <P><A href="https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/policy/security-policy/security-policy-actions.html" target="_blank">https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/policy/security-policy/security-policy-actions.html</A></P> <P>&nbsp;</P> <P>Cheers !</P> <P>-Kiwi.</P> <DIV id="ConnectiveDocSignExtentionInstalled" data-extension-version="1.0.4">&nbsp;</DIV> Thu, 11 Feb 2021 10:58:25 GMT kiwi 2021-02-11T10:58:25Z https://live.paloaltonetworks.com/t5/general-topics/different-actions-for-security-rules/m-p/385283#M90128 <P>Hi Guys,</P><P>I would like to know what are the difference between the following actions in the security rules for PA.</P><P>1. Deny</P><P>2. Drop</P><P>3. Reset-client</P><P>4. Reset-server</P><P>5. Reset-both</P><P>Which of these are the most preferred to use? Is deny or drop action also resets the connection for both server and client?&nbsp;</P><P>Thanks</P> Thu, 11 Feb 2021 04:31:59 GMT https://live.paloaltonetworks.com/t5/general-topics/different-actions-for-security-rules/m-p/385283#M90128 Nikko 2021-02-11T04:31:59Z https://live.paloaltonetworks.com/t5/general-topics/different-actions-for-security-rules/m-p/385335#M90131 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/163084">@Nikko</a> ,</P> <P>&nbsp;</P> <P>Here are all actions explained:</P> <P>&nbsp;</P> <P><A href="https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/policy/security-policy/security-policy-actions.html" target="_blank">https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/policy/security-policy/security-policy-actions.html</A></P> <P>&nbsp;</P> <P>Cheers !</P> <P>-Kiwi.</P> <DIV id="ConnectiveDocSignExtentionInstalled" data-extension-version="1.0.4">&nbsp;</DIV> Thu, 11 Feb 2021 10:58:25 GMT https://live.paloaltonetworks.com/t5/general-topics/different-actions-for-security-rules/m-p/385335#M90131 kiwi 2021-02-11T10:58:25Z https://live.paloaltonetworks.com/t5/general-topics/different-actions-for-security-rules/m-p/385440#M90147 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/163084">@Nikko</a>&nbsp;You asked:</P> <P>"<SPAN>Which of these are the most preferred to use? Is deny or drop action also resets the connection for both server and client? "</SPAN></P> <P>&nbsp;</P> <P><SPAN>Answer:</SPAN></P> <P><SPAN>It really depends on what you are wanting to do. If this is normal traffic, then a Deny would be fine.&nbsp;</SPAN></P> <P><SPAN>If this is traffic that you would want the remote end to not "get a response" , then you would use Drop.</SPAN></P> <P><SPAN>as far as the reset.. the note states:</SPAN></P> <P><SPAN>A reset is sent only after a session is formed. If the session is blocked before a 3-way handshake is completed, the firewall will not send the reset.</SPAN></P> <P>&nbsp;</P> <P><SPAN>I hope this helps.</SPAN></P> Thu, 11 Feb 2021 16:26:37 GMT https://live.paloaltonetworks.com/t5/general-topics/different-actions-for-security-rules/m-p/385440#M90147 jdelio 2021-02-11T16:26:37Z https://live.paloaltonetworks.com/t5/general-topics/different-actions-for-security-rules/m-p/386075#M90205 <P>If no&nbsp;Deny&nbsp;Action&nbsp;is&nbsp;listed, the packets will be silently discarded.&nbsp;Drop-reset will discard the session's packets and send a TCP RST packet to let the client know the session has been terminated so it can gracefully close the session locally. In case the session&nbsp;is&nbsp;UDP or ICMP based, an ICMP Unreachable will be sent</P> Mon, 03 Jan 2022 20:39:12 GMT https://live.paloaltonetworks.com/t5/general-topics/different-actions-for-security-rules/m-p/386075#M90205 Kamron 2022-01-03T20:39:12Z https://live.paloaltonetworks.com/t5/general-topics/different-actions-for-security-rules/m-p/386303#M90228 <BLOCKQUOTE><HR />@<A href="https://www.imessageapp.biz/imessage-app-for-pc-download/" target="_self">iMessage PC</A>&nbsp;wrote:<BR /><P>Hi Guys,</P><P>I would like to know what are the difference between the following actions in the security rules for PA.</P><P>1. Deny</P><P>2. Drop</P><P>3. Reset-client</P><P>4. Reset-server</P><P>5. Reset-both</P><P>Which of these are the most preferred to use? Is deny or drop action also resets the connection for both server and client?&nbsp;</P><P>Thanks</P><HR /></BLOCKQUOTE><P>Relies upon what you are needing to do. On the off chance that this is typical traffic, at that point a Deny would be fine. On the off chance that this is traffic that you would need the far off finish to not "get a reaction" , at that point you would utilize Drop.</P> Tue, 23 Feb 2021 11:40:48 GMT https://live.paloaltonetworks.com/t5/general-topics/different-actions-for-security-rules/m-p/386303#M90228 Justin468 2021-02-23T11:40:48Z