Basics of Traffic Monitor Filtering
Created On 09/25/18 19:02 PM - Last Modified 03/03/20 04:45 AM
- Any PAN-OS.
- Palo Alto Firewall.
- When drilling down into the traffic log with little or no information to start from, a good practice is to begin with the least specific filter and add more specific filters step by step.
- When troubleshooting, instead of filtering directly for a specific app, try filtering for all apps except the ones you know you don't need, for example '(app neq dns) and (app neq ssh)'.
- You can also exclude protocols you don't need, e.g. '(proto neq udp)', or IP ranges, e.g. '(addr.src notin 192.168.0.0/24)'.
- This practice helps you drill down to the traffic of interest without losing an overview by searching too narrowly from the start.
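As an added illustration, not part of the original article or of any Palo Alto Networks tool, the following Python script evaluates filter expressions written in the same '(field op value)' form against a small constructed set of traffic-log rows, and applies the three filters above in sequence to show how each step narrows the result set. It assumes a flat grammar of terms joined by 'and'/'or', evaluated left to right, with the operators eq, neq, in and notin; nested parentheses and the firewall's other fields and operators are not modelled.

```python
import ipaddress
import re

# Constructed sample traffic-log rows (not real firewall data).
SAMPLE_LOG = [
    {"app": "dns",          "proto": "udp", "addr.src": "192.168.0.10", "addr.dst": "8.8.8.8"},
    {"app": "ssh",          "proto": "tcp", "addr.src": "192.168.0.11", "addr.dst": "10.1.1.5"},
    {"app": "web-browsing", "proto": "tcp", "addr.src": "192.168.0.12", "addr.dst": "203.0.113.7"},
    {"app": "ntp",          "proto": "udp", "addr.src": "10.2.0.5",     "addr.dst": "192.0.2.1"},
    {"app": "smtp",         "proto": "tcp", "addr.src": "10.2.0.6",     "addr.dst": "198.51.100.9"},
    {"app": "web-browsing", "proto": "tcp", "addr.src": "10.2.0.7",     "addr.dst": "198.51.100.10"},
]

# One token is either a "(field op value)" term or an and/or connector.
_TOKEN_RE = re.compile(
    r"\(\s*([\w.]+)\s+(eq|neq|in|notin)\s+([^\s)]+)\s*\)|\b(and|or)\b"
)

# The least-to-most-specific sequence described in the article.
STEPS = [
    "(app neq dns) and (app neq ssh)",
    "(app neq dns) and (app neq ssh) and (proto neq udp)",
    "(app neq dns) and (app neq ssh) and (proto neq udp) and (addr.src notin 192.168.0.0/24)",
]


def parse_filter(expr):
    """Tokenise a flat filter into [term, connector, term, ...].

    Raises ValueError on leftover text or on a sequence that does not
    alternate term / connector / term (e.g. a leading 'and').
    """
    if _TOKEN_RE.sub("", expr).strip():
        raise ValueError(f"unrecognised text in filter: {expr!r}")
    tokens = [
        m.group(4) if m.group(4) else (m.group(1), m.group(2), m.group(3))
        for m in _TOKEN_RE.finditer(expr)
    ]
    bad_shape = (
        not tokens
        or isinstance(tokens[-1], str)
        or any(isinstance(t, str) != (i % 2 == 1) for i, t in enumerate(tokens))
    )
    if bad_shape:
        raise ValueError(f"malformed filter: {expr!r}")
    return tokens


def _match_term(row, field, op, value):
    """Evaluate a single (field op value) term against one log row."""
    actual = row.get(field)
    if actual is None:
        return False
    if op in ("in", "notin"):
        # 'in'/'notin' are CIDR membership tests when both sides are addresses,
        # falling back to plain string equality otherwise (assumption).
        try:
            hit = ipaddress.ip_address(actual) in ipaddress.ip_network(value, strict=False)
        except ValueError:
            hit = actual == value
        return hit if op == "in" else not hit
    hit = actual == value
    return hit if op == "eq" else not hit


def evaluate(expr, row):
    """Evaluate a whole filter against one row, left to right with no precedence."""
    tokens = parse_filter(expr)
    result = _match_term(row, *tokens[0])
    for i in range(1, len(tokens), 2):
        rhs = _match_term(row, *tokens[i + 1])
        result = (result and rhs) if tokens[i] == "and" else (result or rhs)
    return result


def apply_filter(expr, rows):
    """Return the rows that match the filter."""
    return [r for r in rows if evaluate(expr, r)]


def drill_down(rows, steps=STEPS):
    """Apply each step in turn and return [(filter, matching rows)] so the
    narrowing from one step to the next is visible."""
    return [(f, apply_filter(f, rows)) for f in steps]


if __name__ == "__main__":
    for expr, matched in drill_down(SAMPLE_LOG):
        print(f"{len(matched)} rows match: {expr}")
        for r in matched:
            print("   ", r["app"], r["proto"], r["addr.src"], "->", r["addr.dst"])
```

Run as a script it prints the surviving rows after each step: the first filter drops only the DNS and SSH rows, adding the protocol exclusion drops NTP over UDP, and the source-range exclusion leaves just the two sessions from outside 192.168.0.0/24. The malformed-filter check matters in practice because a filter that silently ignores a mistyped term matches far more than intended, which is exactly the loss of overview the article warns about.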