This is Kim from the Palo Alto Networks Community team, bringing you a new Palo Alto Networks video tutorial.
In today's tutorial, I will cover 'Application Filter Traffic Reports,' a topic discussed in our forum where a member asked if it is possible to create traffic reports based on application filters.
Without further ado, let's move forward to our firewall and I'll explain.
First, I'll have to explain what is an application filter.
On the firewall, go to the Objects tab and select Applications on the left. This will present you the default view of all the applications showing you over 2000 applications.
You can add a custom filter or you can select a default filter just below. There's Category, Subcategory, Technology, Risk and Characteristic.
By selecting one of the filters, the view will immediately change the amount of applications below. For example, let's select Subcategory 'gaming' and notice that the application list below immediately reflects this change, only showing you all the applications where the Subcategory = gaming.
The question was: Is it possible to create a traffic log report based on these filters?
To clarify the question further, let's move to the Monitor tab.
Notice all the columns, and by clicking the arrow, you can add more columns. Notice, however, that none of the application filters are a selectable option. They just aren't there. Based on that information, you might assume that it's not possible to create a traffic log report based on those criteria.
Luckily, we have Custom reports that can come to our rescue to create such a report.
On the left side, at the bottom, click 'Manage Custom Reports' and create a new report. In this video, we'll continue using the subcategory 'gaming' as an example.
Let's call the report 'Subcategory_Gming' and change the database to the Summary database - Traffic. Notice that the available columns changed. We'll add a few more columns so that the final report makes more sense. We'll add 'Application', 'Appl Sub Category', 'Day', 'Destination Address', 'Source User' and move 'Day' to the top.
We also need to add a filter to specify that we only want output from the subcategory 'gaming'. In order to do so, we'll select the 'App Subcategory', 'equal', 'gaming'. Add that, select a bigger time frame and select top-100. Click OK and confirm the configuration is OK. You can go ahead and test the report by clicking the 'Run Now' button. Depending on the size of the report, it can take a little while. Notice the final report lists different Applications but that the subcategory is only 'gaming'. You can export the report to PDF, CSV or XML. Altneratively, you can schedule the report and have it mailed to you using the Email Scheduler.
This is how you can generate a report using application filters.
Don't forget to commit your changes and you are ready to start using this custom report.
This concludes this video on creating traffic reports based on application filters. As always, feel free to add your questions in the comment section below or reach out to us in the community.