06-17-2025 02:02 AM
Dear community!
I have configured a vulnerability profile to make use of threat ID 40017 in order to prevent brute force attacks on the GlobalProtect portal page. I followed this article:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClJ2CAK
It works well, but once the offender IP has been blocked, if I remove the IP from the block-table with the command "debug dataplane reset dos zone <ZONE> block-table source <IP>" and try to log in again, the portal page is not available. I need to wait for the duration of the blocking time to expire before I can get to the GP portal login page again. I have tried with different PAN-OS versions in the 10.2 and 11.1 trains.
Do you know if this is working as per design, or maybe a bug that wasn't fixed and carried through different PAN-OS versions?
Thank you in advance!
06-17-2025 12:25 PM
I would recommend opening a ticket with TAC and reporting the behavior. Outside of initial configuration and dialing in the time attribute settings that you have set, most people wouldn't have a reason to utilize this command to lift this block. I would not expect this to be expected behavior seeing as the debug command is supposed to clear the listing without regard for duration, so I'm guessing that this is a bug that people just haven't noticed because it would be an infrequent action.