Firewall – Log incoming traffic on PAN-OS (Palo Alto Networks) firewall

Tags: configuration, firewall, networking, palo-alto-networks

I have a Palo Alto Networks PA-200 firewall with the basic setup complete, all outgoing traffic allowed and working fine.

This is showing up in the traffic logs going from the created internal and external zones.

I have been unable to log traffic that is coming in from the external zone – using the packet capture feature I can see pings hitting the interface, but cannot get any logs showing dropped packets.

How can I make this type of traffic visible?

There is next to no information online about configuring these devices and just getting this far has been quite hard work!

tag request: palo-alto-networks

Best Answer

What you are missing is an explicit deny rule that logs the traffic, but be careful: sometimes you have intra-zone traffic out there that is expected behavior.

So... create a rule from external to internal zones to deny all traffic with logging.
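
The rule described in the answer, written as PAN-OS configuration-mode CLI commands. This is an added example, not part of the original answer: the rule name `Log-Deny-Inbound` is hypothetical, and the zone names `external` and `internal` are assumed from the question's wording. The `move` command puts the rule last so it only catches traffic that no earlier rule matched.

```text
configure
set rulebase security rules Log-Deny-Inbound description "Example rule: rule name and zone names are placeholders"
set rulebase security rules Log-Deny-Inbound from external to internal
set rulebase security rules Log-Deny-Inbound source any destination any
set rulebase security rules Log-Deny-Inbound application any service any
set rulebase security rules Log-Deny-Inbound action deny log-end yes
move rulebase security rules Log-Deny-Inbound bottom
commit
```

After the commit, denied sessions matching the rule appear under Monitor > Logs > Traffic, where the filter `( rule eq 'Log-Deny-Inbound' )` narrows the view to this rule.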