Ping a Specific Port

Question

xddsg

Asked: 2012-11-16 10:40:44 +0800 CST2012-11-16 10:40:44 +0800 CST 2012-11-16 10:40:44 +0800 CST

Log incoming traffic on PAN-OS (Palo Alto Networks) firewall

772

Have a Palo Alto Networks PA-200 firewall with the basic setup complete, all outgoing traffic allowed and working fine.

This is showing up in the traffic logs going from the created internal and external zones.

I have been unable to log traffic that is coming in from the external zone - using the packet capture feature I can see pings hitting the interface, but can not get any logs showing dropped packets.

How can I make this type of traffic visible?

There is next to no information online about configuring these devices and just getting this far has been quite hard work!

tag request: palo-alto-networks

1 Answers

Voted

SpacemanSpiff · Answer 1 · 2012-11-16T11:03:44+08:00

Best Answer

SpacemanSpiff

2012-11-16T11:03:44+08:002012-11-16T11:03:44+08:00

What you are missing is an explicit deny rule that logs the traffic, but be careful, sometimes you have intra-zone traffic out there that is expected behavior.

So... create a rule from external to internal zones to deny all traffic with logging.

3

Log incoming traffic on PAN-OS (Palo Alto Networks) firewall

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?