This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Best way to allow ALL traffic for troubleshooting

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Best way to allow ALL traffic for troubleshooting

Go to solution
Jedi_D
L2 Linker

‎05-09-2018 09:49 AM

Hi people, 

 

I want to troubleshoot a connectvity issue.... typical problem where server guy says "it's a firewall issue". Can anyone suggest what's the best way to allow all traffic? I was thinking of traffic from my source (10.0.0.0/8) to destination B10.1.0.0/8) but use 

Application: ANY

Service: ANY

log both start and stop

turn off virus checking, 

turn off anti spoofing. 

 

I want to avoid any issues with application ports and service types. Is service any, application any the best way to make the policy to allow all traffic? Or should i consider specifying application unknown-tcp and unknown-udp with service any or application default?

 

Any suggestions would help. thank you. D

 

 

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
BPry
Cyber Elite
Cyber Elite
In response to JoeAndreini

‎05-09-2018 12:43 PM

@Jedi_D,

I would generally do exactly what @JoeAndreini mentioned at the end of his post. Simply override the logging on the intra/inter zone rules and see what the logs have to say. This way you aren't opening up anything for testing purposes but you can still see what the traffic looks like. 

As a side note also ensure that you are looking in the unified logs and not just the traffic logs. Traffic may be allowed, however a threat is being identified that causes the firewall to close the session. 

View solution in original post

2 REPLIES 2

Go to solution
JoeAndreini
L4 Transporter

‎05-09-2018 10:25 AM

application unknown-tcp and unknown-udp will block all KNOWN applications

 

app any/service any would be best IMO - make sure the rule is universal to truly allow ANY traffic.

 

The logs will show you what applications and ports are actually in use.

 

alternately, override the default allow and deny rules to add logging, and you will see if there is any traffic being allowed or denied silently without opening the firewall to all traffic.

0 Likes Likes

Go to solution
BPry
Cyber Elite
Cyber Elite
In response to JoeAndreini

‎05-09-2018 12:43 PM

@Jedi_D,

I would generally do exactly what @JoeAndreini mentioned at the end of his post. Simply override the logging on the intra/inter zone rules and see what the logs have to say. This way you aren't opening up anything for testing purposes but you can still see what the traffic looks like. 

As a side note also ensure that you are looking in the unified logs and not just the traffic logs. Traffic may be allowed, however a threat is being identified that causes the firewall to close the session. 

  • 1 accepted solution
  • 2998 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks