I have defined several specific policies to allow traffic through my PA device.
I have also created a rule that allows any traffic (at the end) to not impact current traffic.
My idea is to be able to identify all traffic that flows through my device through this "allow any" rule and then create specific rules for legitimate traffic.
I have a lot of traffic passing through my "allow any" rule. It is pretty unfriendly to go to the monitor tab and load the filter for this rule and then analyze logged traffic.
Also my question is: how to create a scheduled report for all the traffic flowing through my "allow any" rule (there are dozens of pages)?
And in a general manner: how to create a custom scheduled report for any specific rule?
I have tried to achieve this using the custom report section by defining a filter on a specific rule, but unfortunately it only allows displaying top 10, top 100... reports.
We have already several rules for all identified applications (dns, web-browsing, ldap, icmp, smb, backup flows, most of business apps, and so on...)
However there is still a high amount of traffic that falls down to the "any any allow" rules.
I can manually export the traffic logs in CSV format from the Monitor -> Logs -> Traffic menu. Is there at least a way to automate this?
In this case, what is the best practice to identify all traffic on a network in order to be able to allow only legitimate traffic ?
I have dozens of different traffic types that flow through the device, also the only way I've found to identify this traffic is to export my any any permit rule to CSV and then work with Excel to filter and sort out the requested info (source/dest addresses, dest ports, applications and so on). It is pretty unfriendly to work like that, so what do you recommend to achieve this work?
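
Added example, not part of the original post and not vendor code: a script that replaces the Excel step by grouping an exported traffic-log CSV for one rule into (application, destination, port) entries with session counts and the distinct sources seen, so each entry maps onto one candidate specific rule. The column names, the rule names and the sample rows are assumptions constructed for illustration; adjust the column constants to the header row of your own export.

```python
import csv
import io
from collections import Counter

# Column names are assumptions; adjust them to the header row of your own export.
COL_RULE, COL_SRC, COL_DST = "Rule", "Source address", "Destination address"
COL_PORT, COL_APP, COL_BYTES = "Destination Port", "Application", "Bytes"

# Constructed sample standing in for a traffic log CSV export.
SAMPLE_CSV = """Rule,Source address,Destination address,Destination Port,Application,Bytes
allow-any,10.1.1.5,10.2.0.10,1433,mssql-db,5200
allow-any,10.1.1.5,10.2.0.10,1433,mssql-db,4800
allow-dns,10.1.1.5,10.0.0.53,53,dns,120
allow-any,10.1.1.9,10.2.0.20,8443,ssl,900
allow-any,10.1.1.7,10.2.0.10,1433,mssql-db,3000
allow-any,10.1.1.9,10.2.0.20,8443,ssl,not-a-number
"""

def summarize_rule(csv_file, rule_name):
    """Group log rows that hit rule_name by (app, dst, port).

    Returns a list of dicts sorted by session count, each listing the distinct
    sources seen, so each entry maps onto one candidate specific rule.
    """
    sessions, volume, sources = Counter(), Counter(), {}
    for row in csv.DictReader(csv_file):
        if row.get(COL_RULE) != rule_name:
            continue
        key = (row[COL_APP], row[COL_DST], row[COL_PORT])
        sessions[key] += 1
        raw = row.get(COL_BYTES, "")
        volume[key] += int(raw) if raw.isdigit() else 0  # tolerate blank/garbled cells
        sources.setdefault(key, set()).add(row[COL_SRC])
    return [
        {"app": k[0], "dst": k[1], "port": k[2], "sessions": n,
         "bytes": volume[k], "sources": sorted(sources[k])}
        for k, n in sessions.most_common()
    ]

if __name__ == "__main__":
    for entry in summarize_rule(io.StringIO(SAMPLE_CSV), "allow-any"):
        print(entry)
```

To run it against a real export, pass an open file instead of the sample: `summarize_rule(open("export.csv", newline=""), "<your rule name>")`.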