davido140 wrote:
Just used heartbleed in the threat name on the rule in the Vuln' protection profile and set the action to block
This forces traffic to be dropped for the "medium" severity threats related to heartbleed in the 430 update.
Effect from one of the online tests will be a timeout and you'll get an event in the threat log.
The target system MUST be vulnerable to trigger these signatures, if you've already patched it you wont see anything in the logs.
Ah, so you made a custom Vulnerability Protection profile then applied that to your security policies. . That makes sense. Thank you!
... View more