Paltalto firewall Monitor Session Browser

From Notes_Wiki

Home > Enterprise security devices or applications > Paloalto firewall > Paloalto troubleshooting options > Paltalto firewall Monitor Session Browser

We can monitor for sessions from specific source or to specific destinations to see whether they are even going through firewall. Once we go to Monitor -> Session Browser and configure filters. For filter click on any source / destination etc. listed and change the value. Example filter to show only matching destination sessions is:

( destination.eq '1.1.1.1')

Then we should try the application. This only shows future sessions after we enable filter. Old attempts are not visible here. This will only show various flows associated with this destination and related zones (eg VPN to LAN)


Only explicitly allowed/denied traffic is seen in Monitor

Note that we only see traffic that is allowed by a security policy or denied explicitly by a customer policy in Session Browser / Logs -> Traffic. If a traffic is denied because there is no matching rule and final catch-all default for firewall is to deny all traffic then such denied traffic is not shown in both "Session Browser" and Logs -> Traffic.

We can see even implicitly blocked traffic due to final catch-all in packet capture.


Home > Enterprise security devices or applications > Paloalto firewall > Paloalto troubleshooting options > Paltalto firewall Monitor Session Browser