Difference between revisions of "Paltalto firewall Monitor allowed/denied traffic"

From Notes_Wiki
(Created page with "Home > Enterprise security devices or applications > Paloalto firewall > Paloalto troubleshooting options > Paltalto firewall Monitor allowed/denied traffic Go to Monitor -> Logs -> Traffic. Here we filter for source/destination. Here unlike session monitoring we can see historic (Based on log storage capacity of firewall) sessions and whether they were allowed or denied. Example filter ( addr.dst in 192.168.0.0/24 ) Same as monitor ->...")
 
m
Line 6: Line 6:


Same as monitor -> Session Browser, here also we can click on values listed to create addtional filters based on those values.
Same as monitor -> Session Browser, here also we can click on values listed to create addtional filters based on those values.
=Only explicitly allowed/denied traffic is seen in Monitor=
Note that we only see traffic that is allowed by a security policy or denied explicitly by a customer policy in Session Browser / Logs -> Traffic.  If a traffic is denied because there is no matching rule and final catch-all default for firewall is to deny all traffic then such denied traffic is not shown in both "Session Browser" and Logs -> Traffic. 






[[Main_Page|Home]] > [[Enterprise security devices or applications]] > [[Paloalto firewall]] > [[Paloalto troubleshooting options]] > [[Paltalto firewall Monitor allowed/denied traffic]]
[[Main_Page|Home]] > [[Enterprise security devices or applications]] > [[Paloalto firewall]] > [[Paloalto troubleshooting options]] > [[Paltalto firewall Monitor allowed/denied traffic]]

Revision as of 03:40, 26 February 2024

Home > Enterprise security devices or applications > Paloalto firewall > Paloalto troubleshooting options > Paltalto firewall Monitor allowed/denied traffic

Go to Monitor -> Logs -> Traffic. Here we filter for source/destination. Here unlike session monitoring we can see historic (Based on log storage capacity of firewall) sessions and whether they were allowed or denied. Example filter

( addr.dst in 192.168.0.0/24 )

Same as monitor -> Session Browser, here also we can click on values listed to create addtional filters based on those values.


Only explicitly allowed/denied traffic is seen in Monitor

Note that we only see traffic that is allowed by a security policy or denied explicitly by a customer policy in Session Browser / Logs -> Traffic. If a traffic is denied because there is no matching rule and final catch-all default for firewall is to deny all traffic then such denied traffic is not shown in both "Session Browser" and Logs -> Traffic.


Home > Enterprise security devices or applications > Paloalto firewall > Paloalto troubleshooting options > Paltalto firewall Monitor allowed/denied traffic