I set medium to drop in the vulnerability protection profile,
but when I check the log, Severity is medium, but action is alert. Why not drop?
If you check the verbose log, the type is url and action is alert. Severity is informational.
In this case, isn't url processing prioritized and not dropped?
Hi @t-katsuki ,
First where are you looking for the logs, i mean under Threat or URL filtering section? If you want to see vulnerability protection profile related logs, please check under threat logs tab. Also before checking logs under said tab, you need to have that profile to be mapped to the security policy which is allowing the traffic. Unless you have VP profile attached to the security policy, it wont come into picture while processing the traffic.
there is a distinct diffeentce between vulnerability logs and url logs
an url log will always be severity informational, the action will depend on what the category action is set to, so might be alert (url allowed), block-ur, continue, ...
as you can see in the example below, there are 3 logs ssociated to a single session and all have a different severity and action
the traffic log in green is a simple allow rule, no severity. this is because the session was allowed intitially by the security policy
the url filtering log in red is informational and alert, because url logs are always informational, and the url category was allowed in the url filtering profile
the vulnerability profile in purple is critical and reset-both, because a vulnerability was found once the http connection started going and payload was transferred that contained something bad
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!