This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Cookie Policy. Click Preferences to customize your cookie settings.
Action on a vulnerabilty found in a SMTP flow
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- Discussions
- General Topics
- Re: Action on a vulnerabilty found in a SMTP flow
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
01-19-2017 12:18 AM
Hello,
How to configure the PA firewall to return a SMTP 541 when vulnerability is seen in a SMTP flow ? I have managed to do it with the AV protection but not with the vulnerability protection.
Cedric
8 REPLIES 8
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
01-23-2017 12:47 AM
That's exactly my problem with PAN-OS 6.1. I was hoping 7.1 solved that issue but it looks like it is not the case ?
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
01-23-2017 05:49 AM
Hi @aroos_dts , @Cedricd,
I might have mixed up virus/vulnerability in my previous comment 😕
It actually depends if the email is identified as virus or as vulnerability.
Note that in Antivirus profile you have an SMTP decoder (you don't have this decoder in Vulnerability profiles).
The article posted earlier does mention that it only applies to the SMTP decoder.
With the correct action of "reset-both" in the SMTP decoder you will get the 541 response.
However, in the vulnerability profile, there is no such thing as an SMTP decoder so you will get a TCP reset.
The good news is that there is already a feature request to add this functionality to Vulnerability profiles (FR #6548). You can reach out to your local SE and ask him to add your vote to this feature.
Kind regards,
-Kim.
LIVEcommunity team member, CISSP
Cheers,
Kiwi
Don't forget to hit that Like button if a post is helpful to you!
Cheers,
Kiwi
Don't forget to hit that Like button if a post is helpful to you!
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
01-23-2017 06:45 AM
Hi @kiwi,
thanks for your fast response! So we hope that this will be implemented some day 🙂
Best regards
Alex
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
04-28-2021 11:45 AM
I've just come across this very issue. Kind of a pain. Any update on the feature request?
Related Content
- DNS Signatures in Threat & Vulnerability Discussions
- Unknown additional fields in GlobalProtect logs in General Topics
- Server got rebooted due to Memory Dump issue in Cortex XDR Discussions
- A way to correlate the logs for DNS Sinkhole? in General Topics
- Cortex XDR PoC: Monitoring Malicious Chrome Extensions in Cortex XDR Discussions
Like what you see?
Show your appreciation!
Click Like if a post is helpful to you or if you just want to show your support.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks