Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- App-ID
- Content-ID
- User-ID
- 5G
- IoT Security
- Cloud Identity Engine
- Panorama
- AIOps for NGFW
Network Security
- Prisma Access
- Prisma Cloud
- Prisma SD-WAN
- Cloud NGFW for AWS
- CN-Series
- VM-Series:
- Private Cloud
- OCI
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
- Cortex Xpanse
Security Operations
- Resources
- COVID-19 Response Center
About ram_gubhaju
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- LIVEcommunity
- About ram_gubhaju
04-05-2019
1Post
1Like
1Solution
Apr 05, 2019Last Visited
User
Activity
User
Profile
Latest posts by ram_gubhaju
| Subject | Views | Posted |
|---|---|---|
| 3197 | 04-04-2019 10:04 PM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 04-04-2019 10:04 PM |
User Badges
Community Statistics
| Member Since | 04-04-2019 09:55 PM |
| Date Last Visited | 04-05-2019 01:49 AM |
| Posts | 1 |
| Total Likes Received | 1 |
04-04-2019
10:04 PM
1 Kudo
The flags for 8.1 log is as follows 0x80000000—session has a packet capture (PCAP) 0x40000000—option is enabled to allow a client to use multiple paths to connect to a destination host 0x20000000—file is submitted to WildFire for a verdict 0x10000000—enterprise credential submission by end user detected 0x08000000— source for the flow is whitelisted and not subject to recon protection 0x02000000—IPv6 session 0x01000000—SSL session is decrypted (SSL Proxy) 0x00800000—session is denied via URL filtering 0x00400000—session has a NAT translation performed 0x00200000—user information for the session was captured through Captive Portal 0x00100000—application traffic is on a non-standard destination port 0x00080000 —X-Forwarded-For value from a proxy is in the source user field 0x00040000—log corresponds to a transaction within a http proxy session (Proxy Transaction) 0x00020000—Client to Server flow is subject to policy based forwarding 0x00010000—Server to Client flow is subject to policy based forwarding 0x00008000—session is a container page access (Container Page) 0x00002000—session has a temporary match on a rule for implicit application dependency handling. Available in PAN-OS 5.0.0 and above. 0x00000800—symmetric return is used to forward traffic for this session 0x00000400—decrypted traffic is being sent out clear text through a mirror port 0x00000100—payload of the outer tunnel is being inspected So the flag value available in the log, in your case "0x500019" should be AND with all the predefined hex value. If the value return after ANDing is matched with the predefined flag, then that is the flag for your log. In your case, for "0x500019" it matches with 0x00400000 :session has a NAT translation performed 0x00100000 :application traffic is on a non-standard destination port i.e. 0x500019 AND 0x00400000= 0x00400000 0x500019 AND 0x00100000=0x00100000 But the AND value results into zero for another predefined flag. e.g. 0x500019 AND 0x00000100=0x0 So for given log, flag is "session has a NAT translation performed" and "application traffic is on a non-standard destination port"
... View more
LEGAL NOTICES
Copyright 2007 - 2022 - Palo Alto Networks
