11-25-2015 05:15 AM
Q. our auditor scanned our firewall IP from outside network but we unable to identify and check the attack and threat on firewall ip but able to check on servers public IP in threat option. can any1 suggest where we can check in paloalto?
11-25-2015 07:49 AM - edited 11-25-2015 07:50 AM
To protect yourself from scans you can configure Zone Protection.
The zone protection logs are stored under threat logs.
This might be useful (p.46 - Zone Protection):
I hope it helps.
11-25-2015 07:53 AM
Depend of you PANOS version but by default the IntrZone traffic (Untrust to Untrust) is not loggued. Mean no trace in logs.
You need to activate them.
After that if you want to be protected against floods, fragmented packet ... you need to configure both zone protection and / or DOS policy.
11-25-2015 10:45 AM
And security profiles must be configured.
Otherwise Palo does not scan for threats.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!