04-27-2015 07:52 AM
We have a server that runs vulnerability scans that I would like to white-list against ALL threats... Is there an easy way to do this?
Thanks
04-27-2015 08:48 AM
For specific vulnerabilities, you can create an exception.
Add a Vulnerability Exception Specifically Based Upon Source and Destination IP Address
https://live.paloaltonetworks.com/docs/DOC-7907
But if you want to white-list one particular IP against all vulnerabilities, the only way is to create a security policy for that specific IP address without security profiles (keep this policy on TOP).
Regards,
Rahul Singh
04-29-2015 06:20 AM
Two options
1. Configure the security profiles for the server's security policy to be alert only on all levels (useful for comparison purposes between the Palo Alto Networks firewall and the server outputs).
2. Configure no security profiles for the server's security policy.
Configuring exceptions for all current signatures would require updating each time that new signatures are released. This is double-edged in that it would be more work to keep up to date, but would also create greater familiarity with the current list of signatures on the firewall.
07-18-2015 03:59 AM
Try to add a new security policy at the top of your rule base without any Vulnerability Protection, Anti-Spyware and Antivirus profiles. Just use the scanner's IP in the source field of the new rule and add all destination zones and addresses you wish to scan. Ideally you place the VA-scanner in a separate zone without any zone protection enabled.
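As an added example (not from the thread or from Palo Alto Networks), this check over an exported rulebase confirms that the scanner exemption described in the replies above sits first in the rulebase, carries no security profiles, and matches only the scanner's address. The XML fragment is constructed in the shape of a PAN-OS security rulebase export; the rule names, zones, addresses and function names are hypothetical.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed rulebase in the shape of a PAN-OS XML export (names are hypothetical).
SAMPLE = """<rules>
 <entry name="va-scanner-bypass">
  <from><member>scanner</member></from><to><member>servers</member></to>
  <source><member>10.9.8.7</member></source>
  <destination><member>10.20.0.0/16</member></destination>
  <action>allow</action>
 </entry>
 <entry name="inside-to-servers">
  <from><member>inside</member></from><to><member>servers</member></to>
  <source><member>any</member></source>
  <destination><member>any</member></destination>
  <action>allow</action>
  <profile-setting><profiles>
   <vulnerability><member>strict</member></vulnerability>
  </profiles></profile-setting>
 </entry>
</rules>"""

def members(entry, tag):
    """Text of every <member> under the given child element."""
    return [m.text for m in entry.findall(f"{tag}/member")]

def audit_scanner_rule(xml_text, rule_name, scanner_ip):
    """Return findings for the bypass rule; an empty list means it is tightly scoped."""
    rules = ET.fromstring(xml_text).findall("entry")
    names = [r.get("name") for r in rules]
    if rule_name not in names:
        return [f"rule {rule_name!r} not found"]
    idx = names.index(rule_name)
    rule, findings = rules[idx], []
    if idx != 0:
        findings.append("rule is not at the top of the rulebase")
    if rule.findall("profile-setting//member"):
        findings.append("security profiles are still attached")
    src = members(rule, "source")
    try:  # "any" or an address-object name cannot be parsed and is flagged
        nets = [ipaddress.ip_network(s, strict=False) for s in src]
    except ValueError:
        nets = []
    if nets != [ipaddress.ip_network(scanner_ip)]:
        findings.append(f"source {src} is not exactly the scanner address")
    if "any" in members(rule, "destination"):
        findings.append("destination is 'any'; list only the targets to be scanned")
    return findings
```

Calling `audit_scanner_rule(SAMPLE, "va-scanner-bypass", "10.9.8.7")` returns an empty list, while the same call for `inside-to-servers` returns four findings.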