How to verify that threat profiles are actually performing

L0 Member

Hello,

I currently have one rule, that pertains to one inside and one outside host. I have a few profiles added to the rule such as a/v, spyware, vulnerability and file blocking. I don't see any events in the Threat monitor nor my Syslog server so my assumption is all is well, no threats detected? Is there any other way to confirm the firewall is performing the checks in the profile?

Thanks

L0 Member

As long as the traffic is communicating across the rule that has your threat profiles applied, then it should be filtering. I would search the destination and source address and verify that the traffic is not hitting any other rules first.

L0 Member

Yes, traffic is flowing. Wish there was some other level of verification regarding the applied threat-profiles.

Thanks

L1 Bithead

There are a few sites out there that will test it for you from the Internet IN.

Or go out and find an EICAR - eicar.org

L4 Transporter

You may also refer to https://www.paloaltonetworks.com/documentation/81/wildfire/wf_api/get-wildfire-information-through-t... to pull some test files through your firewall to generate threat log entries.
