PA-820 Threat License attack passed

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.

PA-820 Threat License attack passed

L0 Member

Hello Guys,


This is my first post here and I am very sad.


I am big fan of PA and had a couple of implementations with customers but...

Sadly, last sunday, PA-820 appliances in HA were not enough to stop hackers/attack.


Customer of mine had some public exposed servers(public services).

In log files I saw many login attempts and no Brute-force signature engaged.

Interesting is here in the screenshot.

1. Vulnerability stopped and than again....login attempt:


All internal serves and infrastructure were down and has to be REBUILD from scratch. 😞


PLEASE give advice on how to "fine tune" vulnerability protection to stop these kind and future threats.

Somewhere I read that brute-force timers/attempts should be managed but I think this is not enough.

Maybe the login attempts were not the only problem.

I can show traffic logs for many login attempts BUT No threats.


P.S.: Of course it has Threat License and company DID loose huge amount of money as Monday morning there were no servers.


I would be happy to receive any help.



Cyber Elite
Cyber Elite

for critical level threats and specifically for brute force threats I usually set a block-ip action for a good amount of time to discourage hammering internal resources

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
  • 1 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!