Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Testing Performance

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Testing Performance

L0 Member

I would like to get to know which specifc traffic is being checked by specific features of Palo-alto NGFW. To be more precise after enabling all the features on the device which traffic is being checked by URL filtering , IPS Anti- Spyware and other features. The traffic must be using specific ports?

2 accepted solutions

Accepted Solutions

L6 Presenter

Hi,

 

It is all depends on how do you configure your profiles. For the URL depends on of the category and the action,  for the file blocking depends on the file type/extension, etc.

 

https://www.paloaltonetworks.com/documentation/60/pan-os/pan-os/threat-prevention/about-security-pro...

 

Cheers,

Myky

View solution in original post

L4 Transporter
Hi luk,

Here's what you'll need to do:

Access the monitor tab and select traffic logs from the left hand side.
Identify the traffic you're looking for either by scrolling through the logs or applying a filter. You can apply a filter easily by selecting the + button on the right hand side.
Once you've found the traffic note down the security policy that this traffic is matching.
Select the policies tab from the top and select security from the left hand side.
In the search bar type in the name of your policy.
Once you've found your policy you can find out what content-ID profiles are attached to it by looking in the action tab.
To find out more info about the profiles that are attached then select the objects tab from the top of the gui and you'll have the specific profiles on the left.

Hope this helps,
Ben

View solution in original post

4 REPLIES 4

L6 Presenter

Hi,

 

It is all depends on how do you configure your profiles. For the URL depends on of the category and the action,  for the file blocking depends on the file type/extension, etc.

 

https://www.paloaltonetworks.com/documentation/60/pan-os/pan-os/threat-prevention/about-security-pro...

 

Cheers,

Myky

L4 Transporter
Hi luk,

Here's what you'll need to do:

Access the monitor tab and select traffic logs from the left hand side.
Identify the traffic you're looking for either by scrolling through the logs or applying a filter. You can apply a filter easily by selecting the + button on the right hand side.
Once you've found the traffic note down the security policy that this traffic is matching.
Select the policies tab from the top and select security from the left hand side.
In the search bar type in the name of your policy.
Once you've found your policy you can find out what content-ID profiles are attached to it by looking in the action tab.
To find out more info about the profiles that are attached then select the objects tab from the top of the gui and you'll have the specific profiles on the left.

Hope this helps,
Ben

So when I generate UPD traffic for example 64 bytes of random data with destination port for protocols like POP3 IMAP SMTP and others and correctly configured security profiles I should see performance degradation ?

Yes that is right in theory as the firewall throughput speeds are less when content inspection is applied.

 

Ben

  • 2 accepted solutions
  • 2723 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!