Suspicious DNS Query Action



L2 Linker

Hello PAN Community,

I would just like to know if it's possible to edit or change the default action for a specific suspicious DNS query?

We have a situation here where what we want to happen is to drop all the packets for suspicious DNS queries instead of resetting both connections.

Thank you in advance.




L2 Linker

Hi Hartkently,

In the vulnerability profile that you are using, you can click on the Exceptions tab and search for the threat whose action you want to change. In the Action column you will then be able to change the action from "default (reset-both)" to "drop".



Hello Narong,

Thank you for that information. I certainly can change the default action there. However, the threats that we are looking for aren't there. Please see the image below.


These are the kind of threats that we want to change the action for.

Thank you.



Hello Hartkently,

Do you have the "threat-ID" for those whose default action you want to change?




L2 Linker

Hello Hulk,

Below is the traffic info of the threat that we want to change the action for.


If I'm not mistaken, the ID in the threat details is the threat ID. I tried looking for it in Vulnerability Protection and Anti-Spyware, but the only place I found it was in the DNS signatures, and there is no change or edit action there.

Thank you.


