Focus

PAN-OS CLI Quick Start

CLI Cheat Sheet: CTD Evasion Detection

Table of Contents

Use the following table to quickly locate commands for CLI commands related to CTD (content and threat detection engine) fail-close behavior.

These CLI commands are typically used for internal testing purposes or under the guidance of Palo Alto Networks Support.

If you want to ...	Use ...
Block the session if decoding errors occur while decoding Base64 encoded traffic.	> set system setting ctd block-on-base64-decode-error enable
Block the session if decoding errors occur while decoding BDAT-Chunk traffic.	> set system setting ctd block-on-bdat-chunk-decode-error enable
Block the session if decoding errors occur while decoding chunked transfer encoded traffic.	> set system setting ctd block-on-chunk-decode-error enable
Block the session if decoding errors occur while decoding quoted-printable encoded traffic.	> set system setting ctd block-on-qp-decode-error enable
Block the session if decoding errors occur while decoding UTF encoded traffic.	> set system setting ctd block-on-utf-decode-error enable
Block the session if decoding errors occur while decoding uuencoded traffic.	> set system setting ctd block-on-uu-decode-error enable
Block the session if decoding errors occur while decoding zip encoded traffic.	> set system setting ctd block-on-zip-decode-error enable
Block the session if decoding errors occur while decoding Brotli encoded traffic. Only available in PAN-OS 11.2.4 and later.	> set system setting ctd block-on-brotli-decode-error enable