When trying to search for a log by source IP, destination IP, or any other flag, filters can be used. The filters need to be put in the search section under GUI: Monitor > Logs > Traffic (or other logs).

This document demonstrates several methods of filtering and looking for specific types of traffic on Palo Alto Networks firewalls. Categories of filters include host, zone, port, or date/time. At the end of the list, we include a few examples that combine various filters for more comprehensive searching.

Explanation: shows all traffic from host IP address that matches 1.1.1.1 (addr.src in a.a.a.a)

Explanation: shows all traffic with a destination address of a host that matches 2.2.2.2

(addr.src in a.a.a.a) and (addr.dst in b.b.b.b)
Example: (addr.src in 1.1.1.1) and (addr.dst in 2.2.2.2)
Explanation: shows all traffic coming from a host with an IP address of 1.1.1.1 and going to a host destination address of 2.2.2.2

Explanation: shows all traffic with a source OR destination address of a host that matches 1.1.1.1

Explanation: shows all traffic coming from addresses ranging from 10.10.10.1 - 10.10.10.3.
Note that you cannot specify an actual range but can use CIDR notation to specify a network range of addresses.

To display all traffic except to and from Host a.a.a.a
Explanation: The "!" symbol is the "not" operator. This means show all traffic with a source OR destination address not matching 1.1.1.1

Zone Traffic Filter Examples:

Explanation: shows all traffic coming from the PROTECT zone

Explanation: shows all traffic going out the OUTSIDE zone

(zone.src eq zone_a) and (zone.dst eq zone_b)
Example: (zone.src eq PROTECT) and (zone.dst eq OUTSIDE)
Explanation: shows all traffic traveling from the PROTECT zone and going out the OUTSIDE zone

Explanation: shows all traffic traveling from source port 22

Explanation: shows all traffic traveling to destination port 25

Example: (port.src eq 23459) and (port.dst eq 22)
Explanation: shows all traffic traveling from source port 23459 and traveling to destination port 22

From All Ports Less Than Or Equal To Port aa
Explanation: shows all traffic traveling from source ports 1-22.

From All Ports Greater Than Or Equal To Port aa
Explanation: shows all traffic traveling from source ports 1024 - 65535.

To All Ports Less Than Or Equal To Port aa
Explanation: shows all traffic traveling to destination ports 1-1024.

To All Ports Greater Than Or Equal To Port aa
Explanation: shows all traffic traveling to destination ports 1024-65535

Example: (port.src geq 20) and (port.src leq 53)
Explanation: shows all traffic traveling from source port range 20-53

Example: (port.dst geq 1024) and (port.dst leq 13002)
Explanation: shows all traffic traveling to destination ports 1024 - 13002.

All Traffic for a Specific Date yyyy/mm/dd And Time hh:mm:ss
Explanation: shows all traffic that was received on Augat 8:30am.

All Traffic Received On Or Before The Date yyyy/mm/dd And Time hh:mm:ss
Explanation: shows all traffic that was received on or before Augat 8:30am.

All Traffic Received On Or After The Date yyyy/mm/dd And Time hh:mm:ss
Explanation: shows all traffic that was received on or after Augat 8:30am.

All Traffic Received Between The Date-Time Range Of yyyy/mm/dd hh:mm:ss and YYYY/MM/DD HH:MM:SS
(receive_time geq 'yyyy/mm/dd hh:mm:ss') and (receive_time leq 'YYYY/MM/DD HH:MM:SS')
Example: (receive_time geq '0 08:30:00') and (receive_time leq '1 01:25:00')
Explanation: shows all traffic that was received between Aug8:30am and August 31, 2015 01:25 am

All Traffic Inbound On Interface ethernet1/x
Example: (interface.src eq 'ethernet1/2')
Explanation: shows all traffic that was received on the PA Firewall interface Ethernet 1/2.

All Traffic Outbound On Interface ethernet1/x
Example: (interface.dst eq 'ethernet1/5')
Explanation: shows all traffic that was sent out on the PA Firewall interface Ethernet 1/5.

All Traffic That Has Been Allowed By The Firewall Rules
Explanation: shows all traffic allowed by the firewall rules.
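The host, zone, port and date/time filters above can also be assembled by a script, including the case where an arbitrary address range has to be expressed as CIDR blocks. This is an added example, not part of the original page or any Palo Alto Networks tooling; the helper names are hypothetical, the sample values are constructed, and it relies on `or` and nested parentheses, which are standard filter syntax that the page's own examples do not show.

```python
import ipaddress
import re
from datetime import datetime

TIME_FMT = "%Y/%m/%d %H:%M:%S"  # receive_time layout: yyyy/mm/dd hh:mm:ss

def addr_range(field, first, last):
    """Cover an inclusive IP range with CIDR terms (the filter takes no a-b ranges)."""
    if field not in ("addr.src", "addr.dst"):
        raise ValueError(f"unsupported address field: {field}")
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    # summarize_address_range raises ValueError when last < first
    terms = [f"({field} in {net})" for net in ipaddress.summarize_address_range(lo, hi)]
    # Several blocks are OR-ed and wrapped so they survive a later "and"
    return terms[0] if len(terms) == 1 else "(" + " or ".join(terms) + ")"

def port_range(field, low, high):
    """Inclusive port range as the geq/leq pair used in the page's examples."""
    if field not in ("port.src", "port.dst"):
        raise ValueError(f"unsupported port field: {field}")
    if not 0 <= low <= high <= 65535:
        raise ValueError(f"bad port range: {low}-{high}")
    if low == high:
        return f"({field} eq {low})"
    return f"({field} geq {low}) and ({field} leq {high})"

def zone(field, name):
    """Zone term; only simple unquoted names are accepted (assumption of this helper)."""
    if field not in ("zone.src", "zone.dst") or not re.fullmatch(r"[A-Za-z0-9_-]+", name):
        raise ValueError(f"bad zone term: {field} {name!r}")
    return f"({field} eq {name})"

def time_window(start, end):
    """receive_time window between two datetime objects, inclusive."""
    if start > end:
        raise ValueError("start is after end")
    return (f"(receive_time geq '{start.strftime(TIME_FMT)}') and "
            f"(receive_time leq '{end.strftime(TIME_FMT)}')")

def combine(*terms):
    """AND the terms together into one string for the log filter bar."""
    return " and ".join(terms)

if __name__ == "__main__":
    # Constructed sample values, not taken from any real log.
    print(combine(zone("zone.src", "PROTECT"), zone("zone.dst", "OUTSIDE"),
                  addr_range("addr.src", "10.10.10.1", "10.10.10.3"),
                  port_range("port.dst", 1024, 13002),
                  time_window(datetime(2015, 8, 31, 1, 0), datetime(2015, 8, 31, 1, 25))))
```

The printed string is what gets pasted into the search section under Monitor > Logs > Traffic.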