09-19-2018 11:11 AM
Hello everyone!
I was wondering if anyone had any tips or knew of any free tools that I could use to easily gather the allowed IPs and ports for a specific destination IP.
We have a user that would like to know what traffic is allowed to a specific group of servers.
I'm just trying to avoid manually going through all the policies... I'm new to this environment and Palo Alto.
A Palo Alto Engineer gave me these instructions, but unfortunately they are for version 8.1 and we are running 8.0.9 =o(
* My favorite is to go to the Objects tab, Addresses, and enter the name or IP address of the host. Then point your mouse at the address object and click on the dropdown arrow that appears. You can then click on Export CSV on the window that comes up. That will tell you everywhere the object is used, and you can filter the CSV for what you need.
* If you just want to view the rules where an object is used, you can open the Policies tab, go to Security, in the filter bar at the top enter (destination/member eq 'object name'), and it will show just where that object is used as the destination of a rule. At the bottom there is a button that says PDF/CSV. If you click that it will keep the filter you set and allow you to export either a PDF or a CSV of the rules that match the filter.
Any info would be greatly appreciated!
09-19-2018 01:59 PM
Hello,
I would say a free port scanner, or one you have internally, might be able to help you out in this? Otherwise, depending on the amount of policies and how they are set up, it could take a while to try and figure out.
Regards,
09-20-2018 01:05 AM
while the pdf/csv export is a new feature in 8.1, you can still filter your security policy for any object
if you set your filter right, you will get all policies where they are used (either as object or IP)
e.g.
(destination/member eq 'serverX') or (destination/member eq '1.1.1.1') or (etc.)
the only caveat is if you have lots of policies with 'any' or whole subnets (/24) in the destination for your server zone, then it becomes a little more complex
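One way to handle that caveat offline, as an added example that is not part of this thread or of PAN-OS: run the exported rulebase CSV through a script that resolves each destination member to a network and reports every rule whose destination covers the server, so 'any' and /24 entries are caught as well as the named object. The column names, address objects and rule rows below are constructed assumptions.

```python
import csv
import io
import ipaddress

# Constructed sample in the shape of a security-rulebase CSV export
# (column names are an assumption, not the exact PAN-OS export layout).
RULES_CSV = """Name,Source Zone,Destination Address,Service,Action
allow-web,untrust,serverX,service-https,allow
allow-mgmt-subnet,trust,10.1.1.0/24,service-ssh,allow
allow-any,trust,any,application-default,allow
allow-other,untrust,serverY,service-http,allow
deny-all,any,any,any,deny
"""

# Constructed address objects (name -> IP or CIDR), as under Objects > Addresses.
ADDRESS_OBJECTS = {"serverX": "10.1.1.10", "serverY": "10.1.2.20"}


def members_to_networks(members, address_objects):
    """Resolve a 'Destination Address' cell (';'-separated members) to networks.
    Names resolve via address_objects, literal IPs/CIDRs parse directly,
    and 'any' returns None as a wildcard marker."""
    nets = []
    for m in (x.strip() for x in members.split(";") if x.strip()):
        if m.lower() == "any":
            return None
        nets.append(ipaddress.ip_network(address_objects.get(m, m), strict=False))
    return nets


def rules_reaching(rules_csv, address_objects, target_ip):
    """Return (name, service, action, why) for every rule whose destination
    covers target_ip, including the 'any' and subnet cases the name filter misses."""
    target = ipaddress.ip_address(target_ip)
    hits = []
    for row in csv.DictReader(io.StringIO(rules_csv)):
        nets = members_to_networks(row["Destination Address"], address_objects)
        if nets is None:
            hits.append((row["Name"], row["Service"], row["Action"], "any"))
            continue
        for net in nets:
            if target in net:
                hits.append((row["Name"], row["Service"], row["Action"], str(net)))
                break
    return hits


if __name__ == "__main__":
    for hit in rules_reaching(RULES_CSV, ADDRESS_OBJECTS, "10.1.1.10"):
        print(hit)
```

The result lists rules in export order; the rulebase is evaluated first-match, so a broad allow or deny above a narrower rule still decides the outcome.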
09-20-2018 01:40 AM - edited 09-20-2018 01:41 AM
You could turn the question around slightly...
Which IPs and ports have used a particular destination IP.
So in traffic monitor just filter by the destination IP.
We have almost 12 months of full logs backed off to an SQL server so we can look at this historically relatively easily.
I guess the question is what are you seeking to achieve?
Rob