Different Actions for Security Rules

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Different Actions for Security Rules

L1 Bithead

Hi Guys,

I would like to know what are the difference between the following actions in the security rules for PA.

1. Deny

2. Drop

3. Reset-client

4. Reset-server

5. Reset-both

Which of these are the most preferred to use? Is deny or drop action also resets the connection for both server and client? 

Thanks

4 REPLIES 4

Community Team Member

Hi @Nikko ,

 

Here are all actions explained:

 

https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/policy/security-policy/security-policy-ac...

 

Cheers !

-Kiwi.

 
LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

L7 Applicator

@Nikko You asked:

"Which of these are the most preferred to use? Is deny or drop action also resets the connection for both server and client? "

 

Answer:

It really depends on what you are wanting to do. If this is normal traffic, then a Deny would be fine. 

If this is traffic that you would want the remote end to not "get a response" , then you would use Drop.

as far as the reset.. the note states:

A reset is sent only after a session is formed. If the session is blocked before a 3-way handshake is completed, the firewall will not send the reset.

 

I hope this helps.

LIVEcommunity team member
Stay Secure,
Joe
Don't forget to Like items if a post is helpful to you!

L0 Member

If no Deny Action is listed, the packets will be silently discarded. Drop-reset will discard the session's packets and send a TCP RST packet to let the client know the session has been terminated so it can gracefully close the session locally. In case the session is UDP or ICMP based, an ICMP Unreachable will be sent

L0 Member

@iMessage PC wrote:

Hi Guys,

I would like to know what are the difference between the following actions in the security rules for PA.

1. Deny

2. Drop

3. Reset-client

4. Reset-server

5. Reset-both

Which of these are the most preferred to use? Is deny or drop action also resets the connection for both server and client? 

Thanks


Relies upon what you are needing to do. On the off chance that this is typical traffic, at that point a Deny would be fine. On the off chance that this is traffic that you would need the far off finish to not "get a reaction" , at that point you would utilize Drop.

  • 2982 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!