PAN-OS 8.1.2 Introduces New Log Options


reaper
L7 Applicator

Historically, some malformed or irregular packets discarded by a zone protection profile or by built-in protection (such as LAND attack protection) would only increment a global counter to indicate that an action was taken. This made troubleshooting such occurrences, or logging them for auditing and compliance, somewhat tedious.

Starting from PAN-OS 8.1.2, new threat logs are generated each time such packets are discarded:

  • Fragmented IP packets
  • IP address spoofing
  • ICMP packets larger than 1024 bytes
  • Packets containing ICMP fragments
  • ICMP packets embedded with an error message
  • First packets for a TCP session that are not SYN packets

[Screenshots of the new threat log entries: ip drop, tcp drop, icmp drop]


Threat logs will also be generated on the following events (which don’t require Packet-Based Attack Protection):

  • Teardrop attack
  • DoS attack using ping of death

To enable the additional logging, run this operational command:

> set system setting additional-threat-log on
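Once the setting is on, the new logs are only useful if someone looks at them, so here is a small triage script as an added example (not part of the original post and not Palo Alto Networks code). It separates drops sourced from zones you control, which deserve a look, from repeat external sources that produce the noise discussed later in the thread. The key=value log format, the event names and the zone names are constructed assumptions, not the real PAN-OS threat-log schema.

```python
"""Triage helper for the packet-based protection threat logs added in PAN-OS 8.1.2.

Added example, not code from the original post or from Palo Alto Networks. Log lines
are constructed in a simplified key=value form (NOT the real PAN-OS syslog schema),
and the event names are assumptions that mirror the post's list.
"""
from collections import Counter

# Events the post says now produce a threat log (names assumed).
PACKET_PROTECTION_EVENTS = {
    "fragmented-ip", "ip-spoofing", "icmp-large", "icmp-fragment",
    "icmp-embedded-error", "tcp-non-syn-first", "teardrop", "ping-of-death",
}
# Assumption: zones you control. Drops sourced here deserve review (e.g. IP-spoofing
# drops hitting legitimate internal traffic) rather than being written off as noise.
INTERNAL_ZONES = {"trust", "dmz"}

# Constructed sample log lines; the TRAFFIC and vulnerability lines must be skipped.
SAMPLE_LOGS = """\
type=THREAT event=ip-spoofing src=10.1.1.20 src_zone=trust dst_zone=untrust action=drop
type=THREAT event=ip-spoofing src=10.1.1.20 src_zone=trust dst_zone=untrust action=drop
type=THREAT event=fragmented-ip src=198.51.100.7 src_zone=untrust dst_zone=trust action=drop
type=THREAT event=icmp-large src=203.0.113.9 src_zone=untrust dst_zone=dmz action=drop
type=THREAT event=tcp-non-syn-first src=203.0.113.9 src_zone=untrust dst_zone=dmz action=drop
type=THREAT event=tcp-non-syn-first src=203.0.113.9 src_zone=untrust dst_zone=dmz action=drop
type=THREAT event=tcp-non-syn-first src=203.0.113.9 src_zone=untrust dst_zone=dmz action=drop
type=TRAFFIC event=allow src=10.1.1.5 src_zone=trust dst_zone=untrust action=allow
type=THREAT event=vulnerability src=203.0.113.9 src_zone=untrust dst_zone=dmz action=drop
""".splitlines()


def parse(line):
    """Parse one key=value log line into a dict."""
    return dict(kv.split("=", 1) for kv in line.split())


def triage(lines, noisy_threshold=3):
    """Return (drops per event, internal-origin drops, noisy external sources)."""
    by_event, per_source, internal = Counter(), Counter(), []
    for rec in map(parse, lines):
        if rec.get("type") != "THREAT" or rec.get("event") not in PACKET_PROTECTION_EVENTS:
            continue  # ordinary traffic and threat logs are not what this feature adds
        by_event[rec["event"]] += 1
        if rec["src_zone"] in INTERNAL_ZONES:
            internal.append((rec["src"], rec["src_zone"], rec["event"]))
        else:
            per_source[rec["src"]] += 1
    # External sources at or above the threshold are candidates for report exclusions.
    noisy = sorted(src for src, n in per_source.items() if n >= noisy_threshold)
    return by_event, internal, noisy
```

Run `triage(SAMPLE_LOGS)` to see the per-event counts, the two internal IP-spoofing drops to review and the one repeat external source.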

You can find the release notes here: PAN-OS 8.1 Release Information

Stay frosty

Reaper

Comments
RenoRLaskey
L0 Member

So I am on 8.1.2 and I am not seeing anything in my threat logs relating to my ZPP. And I am having an issue with the ZPP dropping my traffic due to IP spoofing. 

Also having a hard time finding the note related to this in the release notes.

reaper
L7 Applicator

hi @RenoRLaskey

It may be easier to open the pdf and visit page 19: https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/technical-documentation/81/pan-os/...

or take a look at the admin guide: https://www.paloaltonetworks.com/documentation/81/pan-os/pan-os/zone-protection-and-dos-protection/c...

Reviewing the admin guide it appears I left out an important tidbit: enabling the option (apologies for the confusion)

Use the operational CLI command set system setting additional-threat-log on

vsys_remo
Cyber Elite

... finally ;)

traymondchia
L0 Member

sweet

Lakshitha
L2 Linker

Hi,

Can anyone tell me whether PAN-OS 8.1.2 is recommended for production environments?

Thanks,

Kavinda

reaper
L7 Applicator

hi @Lakshitha

The 8.1 code train is still a bit 'young' to enjoy a recommended status overall, but if you do need to be on 8.1 (if you have one of the new platforms that only support 8.1 or require one of the new features) it is recommended to use PAN-OS 8.1.2

Lakshitha
L2 Linker

Hi

As I know, clientless VPN is also new to Palo Alto. How about clientless VPN on 8.1.2? Recommendations for production environments?

Thanks

reaper
L7 Applicator

Hi @Lakshitha

Clientless VPN was already introduced in PAN-OS 8.0

Please take a look at the admin guide here : GlobalProtect Clientless VPN

Lakshitha
L2 Linker

Hi,

Thanks for the reply. No, I wanted to know the stability of the clientless VPN, because it was introduced with PAN-OS 8.0. We were waiting almost 1 year for clientless VPN. Please advise us.

Thanks,

Lakshitha.

reaper
L7 Applicator

Hi @Lakshitha

You can ask such questions in the general discussion area

There will likely be several users who have implemented Clientless VPN and can advise you

ice-quake
L2 Linker

Hi,

Is this feature recommended as a troubleshooting/debug tool only, or is it safe to enable during "normal" operation? Does it depend on the environment?

reaper
L7 Applicator

Hi @ice-quake 

You can safely enable it, but it gets noisy real quick as it will catch a lot of internet garbage

This can clutter reporting and the ACC
