https://live.paloaltonetworks.com/t5/general-topics/junk-traffic/m-p/142377#M48533 <P>Hi !</P> <P>&nbsp;</P> <P>That's a tricky one!</P> <P>the only real way to filter out good from junk is to 'know' the network</P> <P>&nbsp;</P> <P>this will most likely require a little legwork where you talk to whomever is responsible for a set of servers to see if they can tell you which connections are needed and which arent, which in most cases will result in the sysadmin replying "ALL PORTS NEED TO BE OPEN" or something along those lines <span class="lia-unicode-emoji" title=":winking_face:">😉</span></P> <P>&nbsp;</P> <P>you can go about creating some custom reports that highlight the overall app category, that should split up most 'business' traffic from 'not so business' and then you can tune from there</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="2017-02-10_16-46-57.png"><img src="https://live.paloaltonetworks.com/skins/images/B81F31A7B44084F326ABA63EFCA50C9D/responsive_peak/images/image_not_found.png" alt="2017-02-10_16-46-57.png" /></span><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="2017-02-10_16-49-11.png"><img src="https://live.paloaltonetworks.com/skins/images/B81F31A7B44084F326ABA63EFCA50C9D/responsive_peak/images/image_not_found.png" alt="2017-02-10_16-49-11.png" /></span></P> Fri, 10 Feb 2017 15:50:32 GMT reaper 2017-02-10T15:50:32Z https://live.paloaltonetworks.com/t5/general-topics/junk-traffic/m-p/142360#M48530 <P>Is there a good way to verify good traffic from junk traffic.?</P> Fri, 10 Feb 2017 14:49:57 GMT https://live.paloaltonetworks.com/t5/general-topics/junk-traffic/m-p/142360#M48530 jdprovine 2017-02-10T14:49:57Z https://live.paloaltonetworks.com/t5/general-topics/junk-traffic/m-p/142377#M48533 <P>Hi !</P> <P>&nbsp;</P> <P>That's a tricky one!</P> <P>the only real way to filter out good from junk is to 'know' the network</P> <P>&nbsp;</P> <P>this will most likely require a little legwork where you talk to whomever is responsible for a set of servers to see if they can tell you which connections are needed and which arent, which in most cases will result in the sysadmin replying "ALL PORTS NEED TO BE OPEN" or something along those lines <span class="lia-unicode-emoji" title=":winking_face:">😉</span></P> <P>&nbsp;</P> <P>you can go about creating some custom reports that highlight the overall app category, that should split up most 'business' traffic from 'not so business' and then you can tune from there</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="2017-02-10_16-46-57.png"><img src="https://live.paloaltonetworks.com/skins/images/B81F31A7B44084F326ABA63EFCA50C9D/responsive_peak/images/image_not_found.png" alt="2017-02-10_16-46-57.png" /></span><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="2017-02-10_16-49-11.png"><img src="https://live.paloaltonetworks.com/skins/images/B81F31A7B44084F326ABA63EFCA50C9D/responsive_peak/images/image_not_found.png" alt="2017-02-10_16-49-11.png" /></span></P> Fri, 10 Feb 2017 15:50:32 GMT https://live.paloaltonetworks.com/t5/general-topics/junk-traffic/m-p/142377#M48533 reaper 2017-02-10T15:50:32Z https://live.paloaltonetworks.com/t5/general-topics/junk-traffic/m-p/142412#M48538 <P>Good idea reaper I have been trying to use the ACC too. I am trying to tighten up our DMZ <span class="lia-unicode-emoji" title=":face_with_tongue:">😛</span></P> Fri, 10 Feb 2017 16:57:39 GMT https://live.paloaltonetworks.com/t5/general-topics/junk-traffic/m-p/142412#M48538 jdprovine 2017-02-10T16:57:39Z https://live.paloaltonetworks.com/t5/general-topics/junk-traffic/m-p/142437#M48542 <P>Sadly DMZs take a long time to actually secure properly if they are already running production services. Mgmt doesn't want you to bring anything down, but at the same time I've seen DMZ that was configured to allow anything between their internal zone and had outside RDP open to the servers. Took me a very long time to explain that they had destroyed any reason to have a DMZ in the first place.&nbsp;</P> Fri, 10 Feb 2017 18:21:25 GMT https://live.paloaltonetworks.com/t5/general-topics/junk-traffic/m-p/142437#M48542 BPry 2017-02-10T18:21:25Z https://live.paloaltonetworks.com/t5/general-topics/junk-traffic/m-p/142475#M48546 <P>I hear ya Bpry</P> Fri, 10 Feb 2017 20:51:49 GMT https://live.paloaltonetworks.com/t5/general-topics/junk-traffic/m-p/142475#M48546 jdprovine 2017-02-10T20:51:49Z