topic Re: How to check if a specific port/servic is getting passed throgh the firewall to a specific Pu... in Next-Generation Firewall Discussions https://live.paloaltonetworks.com/t5/next-generation-firewall/how-to-check-if-a-specific-port-servic-is-getting-passed-throgh/m-p/577556#M2669 <P>Hi <SPAN style="background: var(--ck-color-mention-background); color: var(--ck-color-mention-text);"><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/325184">@PetrosKafkas</a></SPAN> ,</P> <P>&nbsp;</P> <P>From the top of my mind, it comes down to SNMP that is allowed via your security policies or an SNMP trap server profile configured for your actual Palo (Device -&gt; Server Profile -&gt; SNMP).&nbsp;</P> <P>To verify policies, I would double-check and verify that any internal traffic is not getting out to the questionable public IP. You can filter with any as a source with the destination being the public IP. You can also search with the public address as being the source and destination being any. Other than that, if you don't see SNMP being allowed via policy, don't see it configured as a manager, and see it being blocked then you can be confident that SNMP is not flowing through your Palo.&nbsp;</P> <P>&nbsp;</P> <P>The only other thing that comes into question is if there is a segment of your network that bypasses the Palo and has their own internet gateway. I would reach out to the auditor and see how the testing is being done.&nbsp;</P> <P>&nbsp;</P> <P>Good luck!</P> Fri, 16 Feb 2024 22:51:30 GMT JayGolf 2024-02-16T22:51:30Z How to check if a specific port/servic is getting passed throgh the firewall to a specific Public IP address https://live.paloaltonetworks.com/t5/next-generation-firewall/how-to-check-if-a-specific-port-servic-is-getting-passed-throgh/m-p/577519#M2664 <P>An IT Auditor stated that SNMP is listening through the firewall for a specific Public IP Address.</P> <P>&nbsp;</P> <P>I have been filtering the network traffic on the PaloAlto 3020 for that specific IP address and also filtering with port 161.&nbsp; BUt Id not see any results except that the 'Deny-Deny' catch all group was being used.&nbsp; That is suggesting to me that the auditr's readings are false.&nbsp;</P> <P>&nbsp;</P> <P>Question:&nbsp; How can I verify if port udp-161 is being allowed/used to a pass traffc thorugh the firewall?&nbsp; Thus far I click on the</P> <P>Monitor' tab and I only see any traffic from the fiter tab and then traffic is specifically being sent to port 161 and it is being denied (catch all rule).</P> <P>&nbsp;</P> <P>Question:&nbsp; If SNMP is being transfered from the indide world; how may I verify this?</P> Fri, 16 Feb 2024 14:58:53 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/how-to-check-if-a-specific-port-servic-is-getting-passed-throgh/m-p/577519#M2664 PetrosKafkas 2024-02-16T14:58:53Z Re: How to check if a specific port/servic is getting passed throgh the firewall to a specific Pu... https://live.paloaltonetworks.com/t5/next-generation-firewall/how-to-check-if-a-specific-port-servic-is-getting-passed-throgh/m-p/577556#M2669 <P>Hi <SPAN style="background: var(--ck-color-mention-background); color: var(--ck-color-mention-text);"><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/325184">@PetrosKafkas</a></SPAN> ,</P> <P>&nbsp;</P> <P>From the top of my mind, it comes down to SNMP that is allowed via your security policies or an SNMP trap server profile configured for your actual Palo (Device -&gt; Server Profile -&gt; SNMP).&nbsp;</P> <P>To verify policies, I would double-check and verify that any internal traffic is not getting out to the questionable public IP. You can filter with any as a source with the destination being the public IP. You can also search with the public address as being the source and destination being any. Other than that, if you don't see SNMP being allowed via policy, don't see it configured as a manager, and see it being blocked then you can be confident that SNMP is not flowing through your Palo.&nbsp;</P> <P>&nbsp;</P> <P>The only other thing that comes into question is if there is a segment of your network that bypasses the Palo and has their own internet gateway. I would reach out to the auditor and see how the testing is being done.&nbsp;</P> <P>&nbsp;</P> <P>Good luck!</P> Fri, 16 Feb 2024 22:51:30 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/how-to-check-if-a-specific-port-servic-is-getting-passed-throgh/m-p/577556#M2669 JayGolf 2024-02-16T22:51:30Z