An administrator has configured a Security policy where the matching condition includes a single application, and the action is drop.
If the application's default deny action is reset-both, what action does the firewall take?
The firewall action 'drop' silently drops the traffic, overriding the application's default deny action of 'reset-both'. When a security policy rule is set to 'drop', a TCP reset is not sent to the host/application.
"the action is drop" this is stated in the question :) Drop: Silently drops the traffic; for an application, it overrides the default deny action. A TCP reset is not sent to the host/application.
So it is clearly A.
If a policy is set to drop, it will take precedence over the App-ID configuration.
It's D. Reset both = Sends a TCP reset to both the client-side and server-side devices.
It will not process the application profile and drop the traffic; A
Security policy action comes first. So the action will be drop
The answer is D https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/policy/security-policy/security-policy-actions Reset both= Sends a TCP reset to both the client-side and server-side devices.
correct answer is A
In Palo Alto’s PAN-OS, if a Security policy is configured with a matching condition that includes a single application and the action is set to drop, the firewall will silently drop the traffic. This means that a TCP reset is not sent to the host/application. This action overrides the default deny action of the application, even if it’s set to reset-both. Therefore, the correct answer is A. It silently drops the traffic.
Deny Action App-IDs are developed with a default deny action that dictates how the firewall responds when the application is included in a Security policy rule with a deny action. The default deny action can specify either a silent drop or a TCP reset. You can override this default action in Security policy.
For traffic that matches the attributes defined in a security policy, you can apply the following actions: DROP Silently drops the traffic; for an application, it overrides the default deny action. A TCP reset is not sent to the host/application. For Layer 3 interfaces, to optionally send an ICMP unreachable response to the client, set Action: Drop and enable the Send ICMP Unreachable check box. When enabled, the firewall sends the ICMP code for communication with the destination is administratively prohibited—ICMPv4: Type 3, Code 13; ICMPv6: Type 1, Code 1.
It looks like A. D would be valid, if the security policy action will be deny and not drop as mentioned in the question. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClltCAC
Guys, it's D, I just had it in the Practice Exam, May 2023.
The correct answer is A
Answer is D, as on the Palo Alto practice exam link below: https://beacon.paloaltonetworks.com/assessment_responses/report/16167409#assessment-response-details
The correct answer is D. Reset-both => Sends a TCP reset to both the client-side and server-side devices. https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-web-interface-help/objects/objects-security-profiles-vulnerability-protection
This link refers to the action for signatures (Objects > Security Profiles > Vulnerability Protection), and not to the exam question. Please refrain from posting incorrect answers!
Should be A because of the statement "and the action is drop": as it is not a deny, the security policy rule will not fall under the Deny APP default action.
Reset Both For TCP, resets the connection on both the client and server ends. For UDP, drops the connection.