Tiger_QAs
Participant

Adding Threat Prevention exceptions by setting action to PREVENT to eliminate possibility of false negatives

Hello All,

I have a question regarding the addition of exceptions to a Threat Prevention policy on perimeter gateways.

Background:
A few servers are running DNS queries to an external honeypot site, and not all of them are getting prevented by Anti-Bot; a few logs show "Detect" too.

I would like to write an exception on the TP policy and set the action to "Prevent". I want to try it to eliminate the possibility of any false negatives. (Refer to the attached image for the exception rule that I wanted to try.)

My question is: Is it normal to write TP exceptions and set the action to Prevent?

0 Kudos
3 Replies
Cyber_Serge
Collaborator

I think for the DNS query, if you configure DNS Trap, it will show "Detect" instead of "Prevent". So seeing "Detect" for those might be normal, depending on your setting.

0 Kudos
Tiger_QAs
Participant

Thanks a lot for the response @Cyber_Serge 

0 Kudos
Timothy_Hall
Champion

Yes, support for TP exceptions with an action of Prevent (instead of the usual Detect or Inactive) was added in R80.10.

"Max Capture: Know Your Packets" Video Series
now available at http://www.maxpowerfirewalls.com
0 Kudos