Difference between revisions of "Paltalto firewall Monitor Session Browser"

From Notes_Wiki
(Created page with "Home > Enterprise security devices or applications > Paloalto firewall > Paloalto troubleshooting options > Paltalto firewall Monitor Session Browser We can monitor for sessions from specific source or to specific destinations to see whether they are even going through firewall. Once we go to Monitor -> Session Browser and configure filters. For filter click on any source / destination etc. listed and change the value. Example filter to s...")
 
m
Line 8: Line 8:
Then we should try the application.  This only shows future sessions after we enable filter.  Old attempts are not visible here.  This will only show various flows associated with this destination and related zones (eg VPN to LAN)
Then we should try the application.  This only shows future sessions after we enable filter.  Old attempts are not visible here.  This will only show various flows associated with this destination and related zones (eg VPN to LAN)


=Only explicitly allowed/denied traffic is seen in Monitor=
Note that we only see traffic that is allowed by a security policy or denied explicitly by a customer policy in Session Browser / Logs -> Traffic.  If a traffic is denied because there is no matching rule and final catch-all default for firewall is to deny all traffic then such denied traffic is not shown in both "Session Browser" and Logs -> Traffic. 




[[Main_Page|Home]] > [[Enterprise security devices or applications]] > [[Paloalto firewall]] > [[Paloalto troubleshooting options]] > [[Paltalto firewall Monitor Session Browser]]
[[Main_Page|Home]] > [[Enterprise security devices or applications]] > [[Paloalto firewall]] > [[Paloalto troubleshooting options]] > [[Paltalto firewall Monitor Session Browser]]

Revision as of 03:40, 26 February 2024

Home > Enterprise security devices or applications > Paloalto firewall > Paloalto troubleshooting options > Paltalto firewall Monitor Session Browser

We can monitor for sessions from specific source or to specific destinations to see whether they are even going through firewall. Once we go to Monitor -> Session Browser and configure filters. For filter click on any source / destination etc. listed and change the value. Example filter to show only matching destination sessions is:

( destination.eq '1.1.1.1')

Then we should try the application. This only shows future sessions after we enable filter. Old attempts are not visible here. This will only show various flows associated with this destination and related zones (eg VPN to LAN)


Only explicitly allowed/denied traffic is seen in Monitor

Note that we only see traffic that is allowed by a security policy or denied explicitly by a customer policy in Session Browser / Logs -> Traffic. If a traffic is denied because there is no matching rule and final catch-all default for firewall is to deny all traffic then such denied traffic is not shown in both "Session Browser" and Logs -> Traffic.


Home > Enterprise security devices or applications > Paloalto firewall > Paloalto troubleshooting options > Paltalto firewall Monitor Session Browser