This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Traffic monitor incomplete

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Traffic monitor incomplete

danoman2
L3 Networker

‎03-09-2022 12:11 PM

I've got a new Global Protect portal/gateway.  When I get connected to the gateway, I can see the connection via the GP monitor.  Then if I go the to traffic monitor and search the source range 192.168.203.0/24 I only get traffic from previous testing that I've performed.  I'm not getting the currently connected device to show up for some reason.  It's connected as the remote user option in the network>gateway shows me connected and the ip of 192.168.203.2.  However its not in the monitor.  What do you all think?

 

GlobalProtect 

GlobalProtect
Thumbnail of GlobalProtect
Palo Alto Networks
GlobalProtect
Network Security
View on Product Page
0 Likes Likes
4 REPLIES 4

Adrian_Jensen
L6 Presenter

‎03-09-2022 02:47 PM

Do you have a "receive_time" or interface/source/zone filter in you log view? If this is a new gateway/portal, did you create a new Security Policy rule allowing the traffic from the new interface/zone/IPs but didn't check the log options in the policy action?

0 Likes Likes

danoman2
L3 Networker

‎03-10-2022 07:45 AM

My monitor is showing traffic from this IP.  It was from previous connections to the gateway.  It is a new portal/gateway.  Yes, it has a security policy, all settings are correct as far as I'm seeing.  

0 Likes Likes

Adrian_Jensen
L6 Presenter

‎03-10-2022 08:00 AM

It's kind of hard to guess without details. I have seen a few errata in the release notes for various versions about edge cases where traffic wasn't being logged, but I don't recall anything specific about new gateways. Maybe open a support ticket with PA where you can share the details with them and they can see if it is something obvious.

0 Likes Likes

TomYoung
Cyber Elite
Cyber Elite

‎03-10-2022 05:39 PM - edited ‎03-10-2022 05:39 PM

Hi @danoman2 ,

 

You probably have "log at session end" configured for your security policy rules.  This is recommended.  Monitor > Logs > Traffic will only show sessions that have ended.  In order to see live sessions, go to Monitor > Session Browser.

 

Thanks,

 

Tom

Help the community: Like helpful comments and mark solutions.
0 Likes Likes
  • 2487 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks