Hello all.is there any possibility in Palo Alto to kill connection in real time if i see for example some user downloads too much or uploads too much?
Yes you can do this in the session browser located in the monitor tab and clicking the 'x' on the desired session. Or you can do it via the CLI by using the commmand:
> clear session id xxxx
x being the number of the session of course.
You can use the command:
> show session all
to show a list of sessions on the device currently (up to 1024).
hope this helps,
The session browser will show you the size of the session in bytes but it won't tell you how many bytes downloaded/uploaded, just in total.
Once you kill the session and a log entry is generated in the traffic log, you can see bytes sent and bytes receieved in the 'details' section. Click the spyglass icon on the left hand side of the log to open up the detailed log view.
You can use the ACC tap on the firewall to track user activity, kindly find the below screenshot:
# in global filter tabe select Source User/Source Address and wite the User-ID or IP address.
for further assistance kindly find below URL:
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!