03-03-2010 03:08 AM
Device: PA-2050
OS: PANOS-3.0.6
Hi
I have a question about Vlan. In the different logs you can't find "source vlan" anywhere. I believe this is because Palo Alto is a zone based firewall and you should use zones to separate different network types rather than interfaces and vlans.
However...
When doing troubleshooting, vlan information would be really good in the traffic and threat logs. And when you connect a Palo Alto using a tap port you cannot even create different zones for different vlans because the TAP interfaces can't be assigned to vlans.
The reason I'm asking is because of this scenario:
1 Palo Alto hooked up using 1 TAP port. This TAP port contains several vlans. When I examine the logs afterward it all shows up as the security zone connected to the tap interface. I want to be able to tell which alarms triggered on what vlan number.
/Henrik
03-03-2010 03:26 PM
Hello Henrik,
Currently there is nothing in our Monitor logs that allows you to filter by a vlan number.
However, if you click on the green button for the "add filtering expression" you will see varying filtering options that may help.
Perhaps you could filter on source/destination ip, port, or interface.
Thank you,
Stephen
03-05-2010 01:45 AM
Hi
Thank you for your reply.
Unfortunately the point of checking the vlan field in the monitoring logs is to feed another system with information. This system wants vlan information in order to sort logs into separate containers. And since all traffic is coming in on a TAP port with multiple vlans, interface filtering is really not applicable.
Since we get the logs either by syslog or scp/cli access is there a way to see the vlan information in the cli with the "show logs" or something?
And also, do you have any plans on implementing vlan information in the monitoring logs in the future?
//Henrik
03-05-2010 03:57 AM
Hello Henrik,
I created a feature request for the vlan information to be added to the (traffic) logging.
Keep an eye on feature releases to see if it has been implemented :-).
Marcel
03-09-2010 05:14 AM
Great, thanks Marcel.
If you also could add it to the "threat-logs" as well that would be super-great.
//Henrik