Paltalto firewall Monitor allowed/denied traffic

From Notes_Wiki

Home > Enterprise security devices or applications > Paloalto firewall > Paloalto troubleshooting options > Paltalto firewall Monitor allowed/denied traffic

Go to Monitor -> Logs -> Traffic. Here we filter for source/destination. Here unlike session monitoring we can see historic (Based on log storage capacity of firewall) sessions and whether they were allowed or denied. Example filter

( addr.dst in 192.168.0.0/24 )

Same as monitor -> Session Browser, here also we can click on values listed to create addtional filters based on those values.


Only explicitly allowed/denied traffic is seen in Monitor

Note that we only see traffic that is allowed by a security policy or denied explicitly by a customer policy in Session Browser / Logs -> Traffic. If a traffic is denied because there is no matching rule and final catch-all default for firewall is to deny all traffic then such denied traffic is not shown in both "Session Browser" and Logs -> Traffic.

We can see even implicitly blocked traffic due to final catch-all in packet capture.


Home > Enterprise security devices or applications > Paloalto firewall > Paloalto troubleshooting options > Paltalto firewall Monitor allowed/denied traffic