01-13-2023 02:10 AM
Hi!
We have migrated our customers' old firewalls to Palo Altos and are managing them through Panorama.
Now we want to convert the old rules into specific application rules. From server to server, application by application.
So what I need is a complete traffic log/report, rule by rule, to be able to start with the new application rules.
It seems that all the reports and CSV exports are capped to a specific amount of entries? Which makes the report incomplete.
The things I've tried are custom reports with the rule as filter, and doing CSV exports from the regular traffic monitor.
What I would like to have is a complete report of, say, 30 days on all unique application traffic that hits a specific rule.
By unique I mean that I don't need duplicate entries from and to the same servers with the same application. It would be nice to just have it summarized.
Is this possible? It seems the amount of sessions is the problem now, to get a complete report.
01-13-2023 10:51 AM
Don't need to do that! Thankfully Palo Alto already has a tool integrated into the firewall; you can see it in the bottom left corner. It's called Policy Optimizer, and it does exactly what you are asking for, but without running through so many hops:
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/app-id/security-policy-rule-optimization/m...
Also, I would suggest you read and watch some tutorials on the Expedition tool, which helps with migrations from old firewalls to NGFWs from Palo Alto Networks: https://www.paloaltonetworks.com/products/secure-the-network/next-generation-firewall/migration-tool
I hope this information suits you well!
01-16-2023 12:50 AM
I've looked into the optimizer before.
My understanding is that it's great if you have port-based rules from before, to convert them into application-based rules.
But in my case it's an any-to-any rule, so I guess the optimizer would make it any to any on specific applications?
What I want to do is go from server to server on specific applications.
Is it possible in the optimizer?
01-16-2023 07:06 AM
01-16-2023 10:44 PM
Hi!
Well, I've tried the custom report filters and CSV exports, but the thing is that there is too much data, so the logs are incomplete. It won't give me the full logs.
Is there a way to summarize them in Panorama? Now I see every new session from server to server with the same application in the exports, and it's a huge amount.
I would just like to see every new application from server to server.
Can't really see that I can do this in the ACC filter either?
01-17-2023 10:36 AM
01-18-2023 12:12 AM
Okay, just to clarify.
Right now we have a rule that says any any from server nets to server nets on any application.
So all server traffic floods onto that rule. So it's a lot of sessions.
What we want to do is to make it more granular, like the examples:
Server1 192.168.1.2 to Server2 192.168.2.3 HTTPS
Server3 192.168.43.2 to Server4 192.168.60.3 DNS
and so on.
01-18-2023 08:06 AM
01-20-2023 01:08 AM
Yep, that's what we tried to do, but it's just too many sessions.
The default setting of 65000 rows in CSV gives us 1.5 hours of traffic, and we want to see about a month's traffic.
So if we changed it to the max value of 1048576 rows in CSV, it would give us approx. 1.5 days.
I can't see that there is a way to sort out all the duplicate sessions in the monitor view.
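An added example, not part of the thread or any Palo Alto tool: one way to work around the row cap is to export the traffic log in consecutive time windows and collapse the per-session rows offline into unique source/destination/application flows for one rule. The CSV header names, the timestamp format and the rule names below are assumptions; the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict

# Assumed CSV header names; check them against the first line of your export.
COLS = {"time": "Receive Time", "rule": "Rule", "src": "Source address",
        "dst": "Destination address", "app": "Application", "port": "Destination Port"}

def summarize_flows(exports, rule_name, cols=COLS):
    """Collapse per-session rows from several exports into unique
    (source, destination, application, port) flows for one rule."""
    flows = defaultdict(lambda: {"sessions": 0, "first": None, "last": None})
    for handle in exports:  # any iterable of open text files, streamed row by row
        for row in csv.DictReader(handle):
            if row.get(cols["rule"]) != rule_name:
                continue  # traffic that hit a different rule
            key = tuple(row[cols[c]] for c in ("src", "dst", "app", "port"))
            seen = row[cols["time"]]  # assumed YYYY/MM/DD HH:MM:SS: string order = time order
            flow = flows[key]
            flow["sessions"] += 1
            flow["first"] = min(flow["first"] or seen, seen)
            flow["last"] = max(flow["last"] or seen, seen)
    return dict(flows)

# Constructed sample data: two consecutive export windows, hypothetical rule names.
HEADER = "Receive Time,Source address,Destination address,Rule,Application,Destination Port\n"
EXPORT_1 = HEADER + (
    "2023/01/18 08:00:01,192.168.1.2,192.168.2.3,Server-to-Server,ssl,443\n"
    "2023/01/18 08:00:05,192.168.1.2,192.168.2.3,Server-to-Server,ssl,443\n"
    "2023/01/18 08:00:09,192.168.43.2,192.168.60.3,Server-to-Server,dns,53\n"
    "2023/01/18 08:00:11,10.0.0.5,192.168.2.3,Other-Rule,ssl,443\n"
)
EXPORT_2 = HEADER + (
    "2023/01/18 09:30:00,192.168.1.2,192.168.2.3,Server-to-Server,ssl,443\n"
    "2023/01/18 09:31:00,192.168.43.2,192.168.60.3,Server-to-Server,dns,53\n"
    "2023/01/18 09:32:00,192.168.43.2,192.168.60.3,Server-to-Server,ntp,123\n"
)

def demo():
    # With real files, pass open(path, newline="") handles instead of StringIO.
    exports = [io.StringIO(EXPORT_1), io.StringIO(EXPORT_2)]
    return summarize_flows(exports, "Server-to-Server")

if __name__ == "__main__":
    for (src, dst, app, port), f in sorted(demo().items()):
        print(f"{src} -> {dst} {app}/{port} sessions={f['sessions']} {f['first']} .. {f['last']}")
```

If export windows overlap, the session counts are inflated, but the set of unique flows, which is what the new rules are built from, stays correct.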