Difference between revisions of "Paltalto firewall Monitor allowed/denied traffic"
(Created page with "Home > Enterprise security devices or applications > Paloalto firewall > Paloalto troubleshooting options > Paltalto firewall Monitor allowed/denied traffic Go to Monitor -> Logs -> Traffic. Here we filter for source/destination. Here unlike session monitoring we can see historic (Based on log storage capacity of firewall) sessions and whether they were allowed or denied. Example filter ( addr.dst in 192.168.0.0/24 ) Same as monitor ->...") |
m |
||
Line 6: | Line 6: | ||
Same as monitor -> Session Browser, here also we can click on values listed to create addtional filters based on those values. | Same as monitor -> Session Browser, here also we can click on values listed to create addtional filters based on those values. | ||
=Only explicitly allowed/denied traffic is seen in Monitor= | |||
Note that we only see traffic that is allowed by a security policy or denied explicitly by a customer policy in Session Browser / Logs -> Traffic. If a traffic is denied because there is no matching rule and final catch-all default for firewall is to deny all traffic then such denied traffic is not shown in both "Session Browser" and Logs -> Traffic. | |||
[[Main_Page|Home]] > [[Enterprise security devices or applications]] > [[Paloalto firewall]] > [[Paloalto troubleshooting options]] > [[Paltalto firewall Monitor allowed/denied traffic]] | [[Main_Page|Home]] > [[Enterprise security devices or applications]] > [[Paloalto firewall]] > [[Paloalto troubleshooting options]] > [[Paltalto firewall Monitor allowed/denied traffic]] |
Revision as of 03:40, 26 February 2024
Home > Enterprise security devices or applications > Paloalto firewall > Paloalto troubleshooting options > Paltalto firewall Monitor allowed/denied traffic
Go to Monitor -> Logs -> Traffic. Here we filter for source/destination. Here unlike session monitoring we can see historic (Based on log storage capacity of firewall) sessions and whether they were allowed or denied. Example filter
( addr.dst in 192.168.0.0/24 )
Same as monitor -> Session Browser, here also we can click on values listed to create addtional filters based on those values.
Only explicitly allowed/denied traffic is seen in Monitor
Note that we only see traffic that is allowed by a security policy or denied explicitly by a customer policy in Session Browser / Logs -> Traffic. If a traffic is denied because there is no matching rule and final catch-all default for firewall is to deny all traffic then such denied traffic is not shown in both "Session Browser" and Logs -> Traffic.
Home > Enterprise security devices or applications > Paloalto firewall > Paloalto troubleshooting options > Paltalto firewall Monitor allowed/denied traffic