How to see a specific incoming IP


Hello, I am new to Palo Alto Firewalls, still learning. I was asked to see a specific IP that is attempting to connect to my FW. Can someone please point me in the direction to see an incoming IP? I see on the GUI "Monitoring" and "ACC" tabs. Is there Training Material or commands that show how?

Accepted Solutions

L7 Applicator

You have a few options, but for me I just use the monitor tab and select "traffic" from the LH side.

Click on any source IP in the GUI; this will auto-fill the search bar above. Modify this to your required IP and click on the apply filter arrow to the right.

You need to be aware that traffic will only appear in the monitor tab if logging is set in the policies.

If there is no policy for the attempted connection, then you will need to override the default interzone policy and set logging to session start.

You can also create deny-all policies specific to interfaces/services etc. (with logging enabled), but be careful, as you could be setting up your own denial of service if not careful.

3 REPLIES

Awesome information my friend! I used this in the "Monitor" tab and input this cmd "(addr.src in X.X.X.X)". I did not see anything, and then I used an IP that is in use and I was able to see all the traffic. Thanks for your help!

Here is a screenshot of the logs:

[Image: jdelio_0-1610564164290.png]


LIVEcommunity team member
Stay Secure,
Joe