DNS Security

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
Palo Alto Networks Approved
Palo Alto Networks Approved
Community Expert Verified
Community Expert Verified

DNS Security

L1 Bithead

Hello,

Is there any way to turn off the following information after commit on 9.0.1 with Anti-Spyware Profile attached to Security Policy?

I can't delete Palo Alto Networks DNS Security option from Anti-Spyware Profile.

 

Warnings

  • Warning: No Valid DNS Security License
  • (Module: device)

 

Lukasz

1 accepted solution

Accepted Solutions

L2 Linker

Try delete it from CLI:

 

delete profiles spyware XXXXX botnet-domains lists default-paloalto-cloud 

 

 

View solution in original post

11 REPLIES 11

L2 Linker

Try delete it from CLI:

 

delete profiles spyware XXXXX botnet-domains lists default-paloalto-cloud 

 

 

I opened a case and it was escalated developers

Thank you, this works for me.

 

You can't delete it from the default anti-spyware profiles, so if you are using them the warning will appear everytime you commit.

I cloned both of them (default and strict). Then I delete that "default-paloalto-cloud" entry from these new profiles and to finish I ensured to change the defaults with the new ones in all the Profiles Groups, Security Policies, etc...

L1 Bithead

I got the confirmation from Engineering that it is expected not to be able to delete default DNS options from GUI. You can use CLI. Fix for the warnings during commit is targeted to be released on 9.0.4

I am trying to do this in Panoramma using the following command but get an error. The profile I am trying to delete it from is one I created and not a predefined one.

 

delete device-group [device-group] profiles spyware [spyware-profile] botnet-domains lists default-paloalto-cloud

 

No object to delete in delete handler

 

 

Hi Rmarlow,

 

Is it possible that this object is in use? Or maybe shared?
Try cloning this object and deleting the profile "default-paloalto-cloud". If this works, it may be because the original object is referenced.

Thanks for the quick response.

 

Looking at it again this profile was located in shared so I needed to use the following.

 

delete shared profiles spyware [spyware-profile] botnet-domains lists default-paloalto-cloud

 

Many Thanks

L2 Linker

Hi Team 

 

is it possible to share the command to delete the Antispyware profile   

L2 Linker

I ran into this issue when I upgraded some VM-500s to 10.0.6.  I was able to clone the default spyware profile, which I named "default-no-dns-sec"  Then I went into CLI and issued the following commands to delete DNS specific items.

delete shared profiles spyware default-no-dns-sec botnet-domains lists default-paloalto-dns
delete shared profiles spyware default-no-dns-sec botnet-domains dns-security-categories pan-dns-sec-cc
delete shared profiles spyware default-no-dns-sec botnet-domains dns-security-categories pan-dns-sec-ddns
delete shared profiles spyware default-no-dns-sec botnet-domains dns-security-categories pan-dns-sec-grayware
delete shared profiles spyware default-no-dns-sec botnet-domains dns-security-categories pan-dns-sec-malware
delete shared profiles spyware default-no-dns-sec botnet-domains dns-security-categories pan-dns-sec-parked
delete shared profiles spyware default-no-dns-sec botnet-domains dns-security-categories pan-dns-sec-phishing
delete shared profiles spyware default-no-dns-sec botnet-domains dns-security-categories pan-dns-sec-proxy
delete shared profiles spyware default-no-dns-sec botnet-domains dns-security-categories pan-dns-sec-recent

 

On this firewall I have not "production" traffic yet, so I was able to disable all policies.  I enabled 1 with this new profile and pushed from Panorama.  No issues with the commit and no more warning.  All policies and/or Security Profile Groups will need to be updated to completely solve this.

I do have a TAC case open, so I am waiting for confirmation from TAC on this.

L0 Member

I think deleting the AntiSpyWare profile wouldn't be a great move. That will decrease your visibility. Try allowing an exception using the ID. You can do this from the Threat Monitor.

 

J

My comment above is only deleting the dns-sec from the profile, not removing the whole AntiSpyWare profile.  I am still using all the other functions of the AntiSpyWare profile.  Also my solution was confirmed to by TAC for a work around.

  • 1 accepted solution
  • 24550 Views
  • 11 replies
  • 3 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!