Tiger_QAs
Contributor

Adding Threat Prevention exceptions by setting action to PREVENT to eliminate possibility of false negatives

Hello All,

I have a question regarding the addition of exceptions to a Threat Prevention policy on perimeter gateways.

Background:
A few servers are running DNS queries to an external honeypot site, and not all of them are getting prevented by Anti-Bot; a few logs show "Detect" too.

I would like to write an exception on the TP policy and set the action to "Prevent". I want to try it to eliminate the possibility of any false negatives. (Refer to the attached image for the exception rule that I wanted to try.)

My question is: Is it normal to write TP exceptions and set the action to Prevent?

0 Kudos
3 Replies
Cyber_Serge
Collaborator

I think for the DNS query, if you configure DNS Trap, it will show "Detect" instead of "Prevent". So seeing "Detect" for those might be normal, depending on your setting.

0 Kudos
Tiger_QAs
Contributor

Thanks a lot for the response @Cyber_Serge 

0 Kudos
Timothy_Hall
Legend

Yes, support for TP exceptions with an action of Prevent (instead of the usual Detect or Inactive) was added in R80.10.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
