11-04-2011 07:08 AM
Hello,
I have defined several specific policies to allow traffic through my PA device.
I have also created a rule that allows any traffic (at the end) to not impact current traffic.
My idea is to be able to identify all traffic that flows through my device through this "allow any" rule and then create specific rules for legitimate traffic.
I have a lot of traffic passing through my "allow any" rule. It is pretty unfriendly to go to the monitor tab and load the filter for this rule and then analyze logged traffic.
Also my question is: how to create a scheduled report for all the traffic flowing through my "allow any" rule (there are dozens of pages)?
And in a general manner: how to create a custom scheduled report for any specific rule?
I have tried to achieve this using the custom report section by defining a filter on a specific rule, but unfortunately it only allows displaying top 10, top 100, ... reports.
Regards,
Laurent
11-21-2011 03:41 PM
@Laurent:
I would advise having a daily report for the top 25 applications that match your any-any-allow rule. Each day review this report and create specific allow/deny rules for the applications based upon the desired behavior in your network.
-Benjamin
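Added example (not part of either post, and not vendor code): one way to review everything that hit the catch-all rule without a top-N limit is to export the filtered traffic log to CSV and aggregate it offline per application and destination port. The column names (`rule`, `application`, `src`, `dst`, `dport`, `bytes`), the rule name `allow-any` and the sample rows are assumptions constructed for illustration; map them to the headers of your own export.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export. Column names are assumed, not the device's own headers.
SAMPLE_CSV = """rule,application,src,dst,dport,bytes
allow-any,dns,10.1.1.5,10.9.0.53,53,420
allow-any,ssl,10.1.1.5,203.0.113.10,443,18000
web-out,web-browsing,10.1.1.7,203.0.113.20,80,5000
allow-any,ssl,10.1.1.8,203.0.113.10,443,22000
allow-any,ms-rdp,10.1.2.9,10.1.3.4,3389,90000
allow-any,dns,10.1.1.8,10.9.0.53,53,380
"""

def summarize_rule(csv_text, rule_name, top_n=None):
    """Aggregate sessions and bytes per (application, dport) for one rule.

    Rows are ranked by session count, then bytes. top_n=None returns every
    group, so nothing below a top-10/top-100 cut-off is hidden.
    """
    stats = defaultdict(lambda: {"sessions": 0, "bytes": 0,
                                 "sources": set(), "destinations": set()})
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["rule"] != rule_name:
            continue  # only traffic that fell through to the catch-all rule
        entry = stats[(row["application"], int(row["dport"]))]
        entry["sessions"] += 1
        entry["bytes"] += int(row["bytes"])
        entry["sources"].add(row["src"])
        entry["destinations"].add(row["dst"])
    ranked = sorted(stats.items(),
                    key=lambda kv: (-kv[1]["sessions"], -kv[1]["bytes"], kv[0]))
    report = [{"application": app, "dport": port,
               "sessions": e["sessions"], "bytes": e["bytes"],
               "sources": sorted(e["sources"]),
               "destinations": sorted(e["destinations"])}
              for (app, port), e in ranked]
    return report if top_n is None else report[:top_n]

if __name__ == "__main__":
    # Each line is a candidate for a specific allow or deny rule.
    for r in summarize_rule(SAMPLE_CSV, "allow-any"):
        print(f'{r["application"]:<10} port {r["dport"]:<5} '
              f'{r["sessions"]} sessions {r["bytes"]} bytes '
              f'{r["sources"]} -> {r["destinations"]}')
```

Groups with a single session, such as the `ms-rdp` row in the sample, are the ones a top-N report tends to hide and are worth reviewing before the catch-all rule is tightened.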