Just used heartbleed in the threat name on the rule in the Vuln' protection profile and set the action to block
This forces traffic to be dropped for the "medium" severity threats related to heartbleed in the 430 update.
Effect from one of the online tests will be a timeout and you'll get an event in the threat log.
The target system MUST be vulnerable to trigger these signatures, if you've already patched it you wont see anything in the logs.
Ah, so you made a custom Vulnerability Protection profile then applied that to your security policies. . That makes sense. Thank you!
I've had problems installing on some 2020 appliances, (3020's have been fine)..
I've put it down to crappy management plane resources.
try from the cli...
request content check
request content upgrade download latest
request content upgrade install latest
show jobs id xxxx to see the progress of any of these.
Seemed to work for me..
Should mention, if you have medium severity threats set to alert in the profile, make sure that the rule for heartbleed is above this! you can shuffle the ordering around in the vuln' protection profile.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!