This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Block page for vulnerability protection

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Block page for vulnerability protection

Go to solution
oshcomp
Not applicable

‎03-27-2012 02:09 PM

I have been testing the security profile for vulnerability protection.  I set the action for all critical threats to block. What should I expect to see on the user computer screen if a site does contain a critical threat recognized by Palo Alto?  Should the user see a block page?

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
fredallee
L4 Transporter

‎03-28-2012 04:49 PM

No, the user would not see a block page for a vulnerability exploit that was detected. If a specially crafted web page contained an exploit, we would take the action associated with that signature on the profile, i.e. drop all packets and send a tcp reset to the client, server, or both, alert, etc. We don't have a block page for vulnerability protection.

View solution in original post

1 person found this solution to be helpful.
0 Likes Likes
3 REPLIES 3

Go to solution
mikand
L6 Presenter

‎03-27-2012 03:06 PM

If the client is using a browser it should see the block page which informs the client of why access have been blocked.

Dont forget to enable ssl-termination in order to inspect (and block) bad stuff using https.

You can also make custom block pages if you wish (for example if you wish to use a different design/layout or for that matter use a local language).

Check the PA-4.1_Administrators_Guide.pdf for more info (search for "block page").

0 Likes Likes

Go to solution
fredallee
L4 Transporter

‎03-28-2012 04:49 PM

No, the user would not see a block page for a vulnerability exploit that was detected. If a specially crafted web page contained an exploit, we would take the action associated with that signature on the profile, i.e. drop all packets and send a tcp reset to the client, server, or both, alert, etc. We don't have a block page for vulnerability protection.

1 person found this solution to be helpful.
0 Likes Likes

Go to solution
mikand
L6 Presenter
In response to fredallee

‎03-28-2012 11:13 PM

Ahh yes sorry, was thinking of something else.

"Vuln protection" in PAN is the IDP engine which acts at session-control level (just dropping the packets or sending tcp-rst's to make server and/or client to drop the connection).

Current possible response pages seems to be (which you also can make your own versions of):

- Default Antivirus Response Page

- Default Application Block Page

- Default File Blocking Block Page

- Default URL Filtering Response Page

- Default Anti-Spyware Download Response Page

- Default Decryption Opt-out Response Page

- Captive Portal Comfort Page

- URL Filtering Continue and Override Page

- SSL VPN Login Page

- SSL Certificate Revoked Notify Page

0 Likes Likes
  • 1 accepted solution
  • 2963 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks