PAN-OS 8.1.2 introduces new log options

by Community Manager 06-14-2018 01:09 AM - edited 06-15-2018 12:08 AM

Historically, some malformed or irregular packets that were discarded by a zone protection profile or by a built-in protection (such as the one against LAND attacks) would only increment a global counter to indicate that an action was taken. This made troubleshooting such occurrences, or logging them for auditing and compliance, a little more tedious.

 

Starting with PAN-OS 8.1.2, new Threat logs appear each time such packets are discarded. The covered events are:

 

  • Fragmented IP packets
  • IP address spoofing
  • ICMP packets larger than 1024 bytes
  • Packets containing ICMP fragments
  • ICMP packets embedded with an error message
  • First packets for a TCP session that are not SYN packets

[Images: ip drop.png, tcp drop.png, icmp drop.png]

 

Threat logs will also be generated on the following events (which don’t require Packet-Based Attack Protection):

  • Teardrop attack
  • DoS attack using ping of death

To enable the additional logging, run this operational command:

> set system setting additional-threat-log on 

 

You can find the release notes here: PAN-OS 8.1 Release Information

 

 

Stay frosty

Reaper

Comments
by RenoRLaskey
on ‎06-14-2018 04:06 PM

So I am on 8.1.2 and I am not seeing anything in my threat logs relating to my ZPP. And I am having an issue with the ZPP dropping my traffic due to IP spoofing. 

 

Also having a hard time finding the note related to this in the release notes.

by Community Manager
‎06-15-2018 12:06 AM - edited ‎06-15-2018 12:09 AM

hi @RenoRLaskey

 

It may be easier to open the pdf and visit page 19: https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/technical-documentation/81/pan-os/...

or take a look at the admin guide: https://www.paloaltonetworks.com/documentation/81/pan-os/pan-os/zone-protection-and-dos-protection/c...

 

Reviewing the admin guide it appears I left out an important tidbit: enabling the option (apologies for the confusion)

 

Use the operational CLI command set system setting additional-threat-log on

 

 

 

 

by vsys_remo
on ‎06-15-2018 03:26 AM

... finally ;)

by traymondchia
on ‎06-15-2018 07:33 AM

sweet

by Lakshitha
on ‎07-02-2018 09:38 AM

Hi,

 

Can anyone tell me whether PAN-OS 8.1.2 is recommended for production environments?

 

Thanks,

Kavinda

by Community Manager
on ‎07-03-2018 02:52 AM

hi @Lakshitha

 

The 8.1 code train is still a bit 'young' to enjoy a recommended status overall, but if you do need to be on 8.1 (if you have one of the new platforms that only support 8.1 or require one of the new features) it is recommended to use PAN-OS 8.1.2

by Lakshitha
on ‎07-04-2018 11:57 PM

Hi

 

As far as I know, clientless VPN is also new to Palo Alto. How about clientless VPN on 8.1.2? Any recommendations for production environments?

 

Thanks

by Community Manager
on ‎07-05-2018 02:58 AM

Hi @Lakshitha

Clientless VPN was already introduced in PAN-OS 8.0

Please take a look at the admin guide here : GlobalProtect Clientless VPN

by Lakshitha
on ‎07-05-2018 03:08 AM

Hi,

 

Thanks for the reply. No, I wanted to know about the stability of the clientless VPN, because it was introduced with PAN-OS 8.0. We were waiting almost 1 year for clientless VPN. Please advise us.

 

Thanks,

Lakshitha.

by Community Manager
on ‎07-05-2018 04:03 AM

Hi @Lakshitha

 

You can ask such questions in the general discussion area

There will likely be several users who have implemented Clientless VPN and can advise you
