This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Testing Performance

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Testing Performance

Go to solution
luk
L0 Member

‎11-22-2016 05:56 AM

I would like to get to know which specifc traffic is being checked by specific features of Palo-alto NGFW. To be more precise after enabling all the features on the device which traffic is being checked by URL filtering , IPS Anti- Spyware and other features. The traffic must be using specific ports?

0 Likes Likes
2 accepted solutions

Accepted Solutions

Go to solution
TranceforLife
L6 Presenter

‎11-22-2016 06:26 AM - edited ‎11-22-2016 06:27 AM

Hi,

 

It is all depends on how do you configure your profiles. For the URL depends on of the category and the action,  for the file blocking depends on the file type/extension, etc.

 

https://www.paloaltonetworks.com/documentation/60/pan-os/pan-os/threat-prevention/about-security-pro...

 

Cheers,

Myky

View solution in original post

0 Likes Likes

Go to solution
bmorris1
L4 Transporter

‎11-22-2016 11:13 AM

Hi luk,

Here's what you'll need to do:

Access the monitor tab and select traffic logs from the left hand side.
Identify the traffic you're looking for either by scrolling through the logs or applying a filter. You can apply a filter easily by selecting the + button on the right hand side.
Once you've found the traffic note down the security policy that this traffic is matching.
Select the policies tab from the top and select security from the left hand side.
In the search bar type in the name of your policy.
Once you've found your policy you can find out what content-ID profiles are attached to it by looking in the action tab.
To find out more info about the profiles that are attached then select the objects tab from the top of the gui and you'll have the specific profiles on the left.

Hope this helps,
Ben

View solution in original post

0 Likes Likes
4 REPLIES 4

Go to solution
TranceforLife
L6 Presenter

‎11-22-2016 06:26 AM - edited ‎11-22-2016 06:27 AM

Hi,

 

It is all depends on how do you configure your profiles. For the URL depends on of the category and the action,  for the file blocking depends on the file type/extension, etc.

 

https://www.paloaltonetworks.com/documentation/60/pan-os/pan-os/threat-prevention/about-security-pro...

 

Cheers,

Myky

0 Likes Likes

Go to solution
bmorris1
L4 Transporter

‎11-22-2016 11:13 AM

Hi luk,

Here's what you'll need to do:

Access the monitor tab and select traffic logs from the left hand side.
Identify the traffic you're looking for either by scrolling through the logs or applying a filter. You can apply a filter easily by selecting the + button on the right hand side.
Once you've found the traffic note down the security policy that this traffic is matching.
Select the policies tab from the top and select security from the left hand side.
In the search bar type in the name of your policy.
Once you've found your policy you can find out what content-ID profiles are attached to it by looking in the action tab.
To find out more info about the profiles that are attached then select the objects tab from the top of the gui and you'll have the specific profiles on the left.

Hope this helps,
Ben
0 Likes Likes

Go to solution
luk
L0 Member
In response to TranceforLife

‎11-23-2016 02:59 AM

So when I generate UPD traffic for example 64 bytes of random data with destination port for protocols like POP3 IMAP SMTP and others and correctly configured security profiles I should see performance degradation ?

0 Likes Likes

Go to solution
bmorris1
L4 Transporter
In response to luk

‎11-23-2016 03:47 AM

Yes that is right in theory as the firewall throughput speeds are less when content inspection is applied.

 

Ben

0 Likes Likes
  • 2 accepted solutions
  • 2389 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks