Difference between revisions of "Paltalto firewall Monitor Session Browser"
m |
m |
||
Line 11: | Line 11: | ||
=Only explicitly allowed/denied traffic is seen in Monitor= | =Only explicitly allowed/denied traffic is seen in Monitor= | ||
Note that we only see traffic that is allowed by a security policy or denied explicitly by a customer policy in Session Browser / Logs -> Traffic. If a traffic is denied because there is no matching rule and final catch-all default for firewall is to deny all traffic then such denied traffic is not shown in both "Session Browser" and Logs -> Traffic. | Note that we only see traffic that is allowed by a security policy or denied explicitly by a customer policy in Session Browser / Logs -> Traffic. If a traffic is denied because there is no matching rule and final catch-all default for firewall is to deny all traffic then such denied traffic is not shown in both "Session Browser" and Logs -> Traffic. | ||
We can see even implicitly blocked traffic due to final catch-all in packet capture. | |||
[[Main_Page|Home]] > [[Enterprise security devices or applications]] > [[Paloalto firewall]] > [[Paloalto troubleshooting options]] > [[Paltalto firewall Monitor Session Browser]] | [[Main_Page|Home]] > [[Enterprise security devices or applications]] > [[Paloalto firewall]] > [[Paloalto troubleshooting options]] > [[Paltalto firewall Monitor Session Browser]] |
Latest revision as of 03:41, 26 February 2024
Home > Enterprise security devices or applications > Paloalto firewall > Paloalto troubleshooting options > Paltalto firewall Monitor Session Browser
We can monitor for sessions from specific source or to specific destinations to see whether they are even going through firewall. Once we go to Monitor -> Session Browser and configure filters. For filter click on any source / destination etc. listed and change the value. Example filter to show only matching destination sessions is:
( destination.eq '1.1.1.1')
Then we should try the application. This only shows future sessions after we enable filter. Old attempts are not visible here. This will only show various flows associated with this destination and related zones (eg VPN to LAN)
Only explicitly allowed/denied traffic is seen in Monitor
Note that we only see traffic that is allowed by a security policy or denied explicitly by a customer policy in Session Browser / Logs -> Traffic. If a traffic is denied because there is no matching rule and final catch-all default for firewall is to deny all traffic then such denied traffic is not shown in both "Session Browser" and Logs -> Traffic.
We can see even implicitly blocked traffic due to final catch-all in packet capture.
Home > Enterprise security devices or applications > Paloalto firewall > Paloalto troubleshooting options > Paltalto firewall Monitor Session Browser