12-12-2024 01:19 PM
- We have a Vulnerability Protection for threat ID 40017 SSL VPN Authentication Brute Force Attempt in place.
- With default Time attribute as 10 hits per 60 seconds, action as Block IP and have called in the security policy but it is not being triggered.
- reference https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClJ2CAK
- We have already added 40017 in the Vulnerability Protection Profile - exceptions and were able to find it there.
- The commit is successful, but we see the warning in the commit window as:
- We have the latest App and threat package installed in dynamic updates already
- But we have Threat Prevention license as Trial license would this be the root cause of this? or Any other suggestions?
Thanks in Advance.
12-17-2024 01:35 PM
Hi @Param_Upadhyay ,
Can you navigate to your Vulnerability Protection profiles (Objects -> Security Profiles -> Vulnerability Protection) and search for the threat ID. Open up any of your profiles or you can click add (you can cancel out once done), click on the Exceptions tab, and select Show all signatures. Do you see any threats populate? Next, can you search for "40017", do you see the threat pop up?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
