08-21-2020 07:44 AM
Hi folks,
following situation: one of my customers has a rule that allows any traffic from trust to untrust.
the rule detects over 400 application with more than 2 terrabytes of data in the last 30 days.
is the any kind of way to export the "seen apps" to a csv or pdf list or anything else?
we need such a list to sort out unwanted apps and sort the rest in multiply applications groups
greetings from germany
08-21-2020 08:06 AM
I'm not aware of any way to export this list from the policy optimizer, although it might be a good idea to put in a feature request for this feature.
You can utilize a custom detailed traffic report to start to generate an exportable application list pretty easily. Create a detailed traffic report and only have the columns "Application" and "Rule" selected. In the query section just put (rule eq EntryName) so that the output is limited to the rule that you actually care about. The generated output will be any application that has hit the selected rule for as far back as your logs allow.
08-21-2020 08:06 AM
I'm not aware of any way to export this list from the policy optimizer, although it might be a good idea to put in a feature request for this feature.
You can utilize a custom detailed traffic report to start to generate an exportable application list pretty easily. Create a detailed traffic report and only have the columns "Application" and "Rule" selected. In the query section just put (rule eq EntryName) so that the output is limited to the rule that you actually care about. The generated output will be any application that has hit the selected rule for as far back as your logs allow.
08-21-2020 09:29 AM
The other option would be ACC tab. By keeping proper filters according to your requirements, you can export the details.
08-24-2020 02:46 AM
thank you guys for your quick reply.
i have testet both methods but i think to build a custom report is the better way for a user friendly export.
both ways need a lot of time and generate a high load of the customer firewall becauce the time frame is really big 01/29-24/08/2020
i think i must start the custom report at night, so the daily business of my customer gets in no trouble because the cpu and dataplane load is to high.
at my first tests with custom reports, the customer firewall disconnects from our panorama.
the firewall was pingable but for more than 10 minutes no web or ssh access possible.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
