Palo Alto Networks Knowledgebase: How to Troubleshoot HIP Data

How to Troubleshoot HIP Data

Created On 02/07/19 23:47 PM - Last Updated 02/07/19 23:47 PM
Resolution

To troubleshoot the HIP profile information on the Palo Alto Networks firewall, the following commands can be used.

The following command shows the computer name (PAN00965), HIP profile name (Hip-Profile), user (admin), and allocated IP address (172.24.10.1):

> debug user-id dump hip-profile-database

Total number of hipmask in database: 1
Total size of hip reports: 1029KB used / 1248256KB

Entry    User                               Computer
IP              TTL   VSYS               HIP Profile
----------------------------------------------------------------------
1         admin                                PAN00965
172.24.10.1     10747 vsys1           Hip-Profile
----------------------------------------------------------------------

The following command generates a lot of output in XML format. Only the data useful for troubleshooting is shown below:

> debug user-id dump hip-report computer PAN00965 user admin ip 172.24.10.1

<?xml version="1.0" encoding="UTF-8"?>
<hip-report>
        <user-name>admin</user-name>
        <host-name>PAN00965</host-name>
        <ip-address>172.24.10.1</ip-address>
        <generate-time>10/29/2012 16:51:17</generate-time>
        <categories>
                <entry name="host-info">
                        <client-version>1.1.7-11</client-version>
                        <os>Microsoft Windows 7 Enterprise Edition Service Pack 1, 32-bit</os>
                        <os-vendor>Microsoft</os-vendor>
                        <host-name>PAN00965</host-name>
                        <network-interface>
                                <entry name="{7383A4FF-0140-4E4C-B70F-0D30438851C9}">
                                        <description>PANGP Virtual Ethernet Adapter</description>
                                        <mac-address>02-50-41-00-00-01</mac-address>
                                        <ip-address>
                                                <entry name="172.24.10.1"/>
                                        </ip-address>
                                </entry>
                <entry name="firewall">
                        <list>
                                <entry>
                                        <ProductInfo>
                                                <Prod name="Microsoft Windows Firewall" version="7" vendor="Microsoft Corp.">
                                                </Prod>
                                                <is-enabled>yes</is-enabled>
                                        </ProductInfo>
                                </entry>
                        </list>
                </entry>
                <entry name="disk-backup">
                        <list>
                                <entry>
                                        <ProductInfo>
                                                <Prod name="Dropbox" version="1.2.52" vendor="Dropbox">
                                                </Prod>
                                                <last-backup-time>n/a</last-backup-time>
                                        </ProductInfo>
                                </entry>
                        </list>
                </entry>

In the output above, look for the HIP objects configured for the PC PAN00965. There are two objects: firewall and disk-backup.

For a security rule configured to check that the Microsoft Windows Firewall is enabled, the HIP report shows that the Windows Firewall is enabled on the PC (is-enabled is yes).

Since the HIP data is verified, the security rule would match and take the action defined.
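The check described above can be done on a saved copy of the dump instead of by eye. The Python below is an added example, not part of the original article or any Palo Alto Networks tooling; the function names are hypothetical and the sample report is constructed from the excerpt above, shortened and with the elided closing tags supplied.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the excerpt above, shortened, with elided closing tags supplied.
SAMPLE_REPORT = """<?xml version="1.0" encoding="UTF-8"?>
<hip-report>
  <user-name>admin</user-name>
  <host-name>PAN00965</host-name>
  <ip-address>172.24.10.1</ip-address>
  <categories>
    <entry name="host-info"><client-version>1.1.7-11</client-version></entry>
    <entry name="firewall"><list><entry><ProductInfo>
      <Prod name="Microsoft Windows Firewall" version="7" vendor="Microsoft Corp."></Prod>
      <is-enabled>yes</is-enabled>
    </ProductInfo></entry></list></entry>
    <entry name="disk-backup"><list><entry><ProductInfo>
      <Prod name="Dropbox" version="1.2.52" vendor="Dropbox"></Prod>
      <last-backup-time>n/a</last-backup-time>
    </ProductInfo></entry></list></entry>
  </categories>
</hip-report>"""


def summarize_hip_report(xml_text):
    """Return identity fields and, per category, each product with its state fields."""
    root = ET.fromstring(xml_text.strip().encode("utf-8"))
    summary = {"user": root.findtext("user-name"), "host": root.findtext("host-name"),
               "ip": root.findtext("ip-address"), "categories": {}}
    for category in root.findall("categories/entry"):
        products = []
        for info in category.findall("list/entry/ProductInfo"):
            prod = info.find("Prod")
            # Every child other than <Prod> is a state field (is-enabled, last-backup-time, ...)
            state = {c.tag: (c.text or "").strip() for c in info if c.tag != "Prod"}
            products.append({"name": prod.get("name") if prod is not None else None, **state})
        summary["categories"][category.get("name")] = products
    return summary


def firewall_enabled(summary, product_name):
    """True only if the named product is reported with is-enabled = yes.
    A missing firewall category or product yields False (fail closed)."""
    return any(p["name"] == product_name and p.get("is-enabled") == "yes"
               for p in summary["categories"].get("firewall", []))


if __name__ == "__main__":
    report = summarize_hip_report(SAMPLE_REPORT)
    for name, products in report["categories"].items():
        print(name, products)
    print("firewall enabled:", firewall_enabled(report, "Microsoft Windows Firewall"))
```
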

See also

How_to_Create-a_HIP_Match_4.0.pdf for more information on how to implement HIP profiles.

owner: ssunku


