04-19-2020 04:30 PM
Hello,
I have a question related to the actions that I can configure in Security Profile. Specifically, Vulnerability Protection.
What happens if I set the action as "Alert"? Will it drop the connection? Or the connection will be permitted, and it just logs the traffic of the malicious action executed?
Regards,
04-19-2020 11:01 PM
If you set actions as "alert" then it won't block/drop connection. It will permit traffic and log that traffic. If you really want to drop specific traffic against any threat/CVE, you need to set action as "drop". Also there are other actions available that you can set. e.g. Block IP, Reset Server/client/both and allow.
There are default actions set for each signature or threat id. You can override these actions as per your requirements.
Hope it helps!
Mayur
04-19-2020 11:01 PM
If you set actions as "alert" then it won't block/drop connection. It will permit traffic and log that traffic. If you really want to drop specific traffic against any threat/CVE, you need to set action as "drop". Also there are other actions available that you can set. e.g. Block IP, Reset Server/client/both and allow.
There are default actions set for each signature or threat id. You can override these actions as per your requirements.
Hope it helps!
Mayur
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
