We are trying to figure out if there is a way to have the firewall create an alert in the logs when traffic hits a specific IP range. We don't want to block access to this range of IP addresses but we want to be able to confirm if users are conversing with IPs in a specific range. Any thoughts on this would be appreciated?
Thanks in advance!
Yes. You need to specify separate rule for the traffic pertaining to IP range.
e.g. see below rule for source range 10.0.0.0/8
Setup email, log forwarding profile and assign it to the the relevant security rule.
For detailed steps to create email, log forwarding profile refer to https://live.paloaltonetworks.com/docs/DOC-3779
Hope this helps!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!