I have applied it but when we test our websites using Test your server for Heartbleed (CVE-2014-0160) it reports our sites as vulnerable.
rgreens, Are you seeing the vulnerability signature firing in the Threat Log? When we try either that website or the Python script that is going around against our websites, I do not see anything in the Threat log after we have applied 429-2164.
I'm using ssltest.py to test various sites both behind a pair of PA firewalls and internal sites where traffic is monitored by a PA4020 in tap mode only, and I can't get the threat alert to fire off when I test sites. Is anyone else having trouble verifying the threat rule is working?
For reference I'm using ssltest.py from here:
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The Live Community thanks you for your participation!