Anti-virus Block Option Not Available

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Anti-virus Block Option Not Available

L3 Networker

Hello Community,

 

I would like to set an Antivirus action to 'Block', but for some reason that option isn't available, see image. However, it has been available on my other PA-VM. Can someone explain why I can't see that option here?

 

block.png

1 accepted solution

Accepted Solutions

L1 Bithead

These are the only available actions for antivirus profiles.  Drop along with reset-both are the same as "block".  Drop will silently drop the traffic.  Reset-both will send TCP resets to both the client and server (or drops the traffic if its UDP).

 

I have my profiles configured to reset-both.  In the case of a incoming virus over SMTP, reset-both will send a 541 response to the mail server preventing it from attempting to resend the blocked message again.

 

You can find more information about this in the administrator's guide.

View solution in original post

4 REPLIES 4

L1 Bithead

These are the only available actions for antivirus profiles.  Drop along with reset-both are the same as "block".  Drop will silently drop the traffic.  Reset-both will send TCP resets to both the client and server (or drops the traffic if its UDP).

 

I have my profiles configured to reset-both.  In the case of a incoming virus over SMTP, reset-both will send a 541 response to the mail server preventing it from attempting to resend the blocked message again.

 

You can find more information about this in the administrator's guide.

Has this been changed in recent versions? We are running 6.1.10 and have the block option in our antivirus profile.

 

Skjermbilde.jpg

Community Team Member

Hi,

 

This is mentioned in the 7.0 release notes.

It's one of the changes to default behavior in PAN-OS 7.0 :

 

 

---Release Notes---

The default actions for handling threats now are alert or reset-both (sides of the connection). In releases prior to PAN-OS 7.0.0, the defaults were alert or block. On upgrade, the block action will be converted to reset-both; and the drop-packets option is now renamed as drop. On downgrade, all actions configured as drop or reset, will be converted to block.

---Release Notes---

 

regards,

-Kim.

LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

Block in older version is reset-both in newer version. Plus there are now options to drop silently or reset only one side.

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011
  • 1 accepted solution
  • 3195 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!