I've been looking at our PA, and I've found that it's detecting viruses being delivered in SMTP traffic. The PA is alerting, but taking no further action.
Looking at this guide here, I understand that Palo Alto have this set based on the best recommendation at the time.
I'm wondering why we wouldn't want to block viruses on the PA, like we do with http(s) traffic by default?
Is this because we're assuming that there will be some other AV on the mail server?
Or is it because we're not assuming that the PA will not go on the edge of the network?
Solved! Go to Solution.
Hi @Luke_R ,
Best practice would be to use the reset-both action to return a 541 response to the sending SMTP server to prevent it from resending the blocked message.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!