Maybe it's there, in a doc, but I cannot find it...
Suppose I have tiered architecture.
And suppose developer breaks his code and want's to connect to other security zone or to the outside world buth should not, and I want his application to know it immidiatelly by getting tcp reset.
Right now I catch myself debugging for several hours routing problems and apps under development bugs which do not exist.
I really want to have one rule, last rule, default rule which rejects and not just drops, waiting for timeout.
A timeout can happen from different reasons
Is there some magick switch which can allow me to break tcp connection immidiatelly, client-reject or something ?
There is another thread in here (which I cannot locate for the moment) with similar topic.
In short you should contact your Sales Engineer to file this as a feature request.
Today the PA unit will select the "best" method on its own depending on what kind of traffic is being blocked.
I think it currently uses "drop" (just drop the packets), "reject tcp" (send tcp-rst to client and/or server), "reject icmp" (send icmp unreachable to client and/or server) - or combination of them (for example "drop" towards client and "reject tcp" towards server and stuff like that where client is the one who initiated the session).
I agree with you it would be nice if one could select "deny" to let PA do its stuff as today or manually specify "drop", "reject" (which would include all reject methods), "reject tcp" or "reject icmp" (or some other method which I might have forgot - icmp host unreachable could also be icmp administrative prohibited or icmp net unreachable).
Thank you very much for your message. I've searched for similiar topics but none seem to address or reply to my needs.
I was looking for a solution but no luck so far.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!