Ronaldgoh wrote:
Hi, I noticed that in some "critical", "high" and "medium" severity vulnerabilities, the default action is just "alert"... especially those brute-force attempts. At the moment, our system is set for default to take care of these. However, I remember a thread here advising to set the action to "block" for medium severity on the server side vulnerabilities... Is it safe to set action to "block" for "critical", "high" and "medium" severity for server side? Will this break applications? Thanks!
Rgds,
- ron

If you raise your level to "block" and the threat is detected, the firewall will, as the name suggests, block the traffic from transiting. Now, if you're 100% sure the threats being detected are valid, then I suggest you might want to block them. If, however, you're worried about false positives - then don't. The block action may well break something, especially if it triggers a positive threat detection when it's not really a threat.

"Alert" is good if you have time to sit and watch threat logs, and can get on top of reported threats immediately - if you're like most people and DON'T have this time, then block is a good option. Depends how paranoid you are, and how critical potentially blocking a valid action might be.

Cheers