How to remediate overly permissive any-any rule


L0 Member
  • We have an overly permissive rule with Source, destination and ports as Any. We are working to remove this rule but this is widely used. Please suggest what's the best way to identify the traffic using this rule and to create rules with specific source, destination and ports.

L6 Presenter

@SaiTeja_1 wrote:
  • We have an overly permissive rule with Source, destination and ports as Any. We are working to remove this rule but this is widely used. Please suggest what's the best way to identify the traffic using this rule and to create rules with specific source, destination and ports.

The native UI won't give you exactly what you're looking for. Natively in the UI you can go to the rule, then the "Usage" tab, then click on "Compare Applications & Applications Seen".


From here you can see the apps that have been seen/allowed on this rule. You can then choose to add them to the rule.


If you're wanting to easily identify and allow/block source IPs, destination IPs or destination ports/applications, the native UI (GUI) doesn't have that feature. To do that you will need to stand up a separate Palo Alto tool called Expedition. Expedition is kind of like a Panorama; it has a similar Palo Alto GUI, but can do what you're looking for.

 

Or you can purchase an entirely different tool such as FireMon or Tufin.  Both of these products are designed to do what you're looking to do.
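
Added example, not part of the original reply and not Palo Alto code: assuming the sessions logged against the rule are available as a CSV export, this script groups them by destination, service and application into candidate specific rules. The column names, the rule name `any-any` and the sample rows are constructed assumptions; map them to your own export.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample rows standing in for a traffic-log export. The column
# names are assumptions; map them to the headers of your own export.
SAMPLE_LOG = """rule,src,dst,dport,proto,app
any-any,10.1.1.10,10.2.0.5,443,tcp,ssl
any-any,10.1.1.22,10.2.0.5,443,tcp,ssl
any-any,10.1.3.7,10.2.0.5,443,tcp,ssl
any-any,10.1.1.10,10.2.0.9,1433,tcp,mssql-db
web-out,10.1.1.10,203.0.113.8,443,tcp,ssl
any-any,10.1.1.10,10.2.0.53,53,udp,dns
"""

def candidate_rules(csv_text, rule_name, src_prefix=24):
    """Group sessions that matched rule_name into candidate specific rules.

    Flows are keyed by (destination, protocol/port, application); source
    addresses are collapsed to /src_prefix networks (IPv4 assumed).
    """
    sources = defaultdict(set)
    sessions = defaultdict(int)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["rule"] != rule_name:
            continue  # session was allowed by a different rule
        net = ipaddress.ip_network(f"{row['src']}/{src_prefix}", strict=False)
        key = (row["dst"], f"{row['proto']}/{int(row['dport'])}", row["app"])
        sources[key].add(str(net))
        sessions[key] += 1
    rules = [
        {"sources": sorted(sources[k]), "destination": k[0], "service": k[1],
         "application": k[2], "sessions": sessions[k]}
        for k in sessions
    ]
    # Busiest flows first; these are the ones to carve out of the rule first.
    return sorted(rules, key=lambda r: (-r["sessions"], r["destination"], r["service"]))

if __name__ == "__main__":
    for r in candidate_rules(SAMPLE_LOG, "any-any"):
        print(r)
```

Flows with very few sessions deserve a manual look before they become rules, since an any-any rule also admits traffic nobody intended to allow.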
