10-04-2018 01:46 PM
Hello Experts - Can you clarify how to configure Paloalto firewall to source traffic from Data Interface rather than Management Interface
Scenario: When Firewall send syslog message to exernal Syslog Server, the Firewall has to be configured to have Source IP address of Internal Interface instead of Management Interface. It is similar command in Cisco IOS "logging source interface"
Regards/RB
10-04-2018 02:12 PM
It's in the "service routes"
Pan-OS 8.0.X
Device --> Setup --> Services tab --> "Service Route Configuration" link
10-05-2018 04:17 PM - edited 10-05-2018 04:18 PM
That's not completely true. It depends what network your management interface is connected to, and what subnet you give it an IP from. If you give the management interface an IP on the "lan" subnet, connected to the "lan" switch, with the same gateway as the "lan" traffic gets, then you will see your management traffic in the normal Traffic logs. After all, it's just another IP on the "lan".
If your management interface is connected to a separate vlan from the rest of the "normal" traffic, or if it is plugged into the "wan" side of the firewall, then the management traffic will not show in the logs anywhere, as the traffic doesn't actually pass through the firewall.
10-04-2018 02:12 PM
It's in the "service routes"
Pan-OS 8.0.X
Device --> Setup --> Services tab --> "Service Route Configuration" link
10-04-2018 03:09 PM
In relation that, can you tell me why the logs are not showing in Firewalls when i do a Ping from Firewall to any IP address. Is it a known behavior. What is the way to get those logs.
For example, when i Ping 4.2.2.2 from the firewall, those logs are not found in the Monitor section of the firewall
10-05-2018 09:58 AM
If you're asking about logs for the management port showing up in traffic logs? That doesn't happen.
Events that occurred from the management port are seen in the "system" logs.
10-05-2018 10:10 AM
Hey - Thanks
I did a quick test now. In CLI of the Firewall i did ping to 4.2.2.2. I dont see that in the system Log
Monitor->Logs->system. the logs are not listed here. Can you help me where is the gap
10-05-2018 04:17 PM - edited 10-05-2018 04:18 PM
That's not completely true. It depends what network your management interface is connected to, and what subnet you give it an IP from. If you give the management interface an IP on the "lan" subnet, connected to the "lan" switch, with the same gateway as the "lan" traffic gets, then you will see your management traffic in the normal Traffic logs. After all, it's just another IP on the "lan".
If your management interface is connected to a separate vlan from the rest of the "normal" traffic, or if it is plugged into the "wan" side of the firewall, then the management traffic will not show in the logs anywhere, as the traffic doesn't actually pass through the firewall.
10-07-2018 08:32 AM
Thanks. My case Management Interface is a seperate VLAN
10-11-2018 07:51 AM
Hello All - I practically tried to change the Source Interface for Netflow traffic as LAN interface, with the expectation to see the Netflow traffic originating from the Firewall will appear in the Traffic Logs.
It is not appearing in the log under Monitor Section. In relation to this i have two questions?
1) If i want the Firewall to send a Netflow Traffic or Syslog of firewall Interface (WAN & LAN) , should i configure a Rule to allow the Firewall to send traffic to Netflow Collector? In this case, the Source Interface for Netflow is LAN interface and Syslog is Management Interface
2) To get the Logs of the above Traffic (to ensure the Firewall is generating Syslog/ Netflow), should i configure a Allow Rule with Log Option enabled?
thanks in advance/RB
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
