How to check if a specific port/service is getting passed through the firewall to a specific Public IP address


L0 Member

An IT Auditor stated that SNMP is listening through the firewall for a specific Public IP Address.

I have been filtering the network traffic on the PaloAlto 3020 for that specific IP address and also filtering with port 161. But I did not see any results except that the 'Deny-Deny' catch-all group was being used. That is suggesting to me that the auditor's readings are false.

Question: How can I verify if port udp-161 is being allowed/used to pass traffic through the firewall? Thus far I click on the 'Monitor' tab and I only see traffic from the filter tab, and then traffic is specifically being sent to port 161 and it is being denied (catch-all rule).

Question: If SNMP is being transferred from the inside world, how may I verify this?

1 REPLY 1

Community Team Member

Hi @PetrosKafkas ,

Off the top of my head, it comes down to SNMP that is allowed via your security policies or an SNMP trap server profile configured for your actual Palo (Device -> Server Profile -> SNMP).

To verify policies, I would double-check and verify that any internal traffic is not getting out to the questionable public IP. You can filter with any as a source with the destination being the public IP. You can also search with the public address as being the source and destination being any. Other than that, if you don't see SNMP being allowed via policy, don't see it configured as a manager, and see it being blocked, then you can be confident that SNMP is not flowing through your Palo.

The only other thing that comes into question is if there is a segment of your network that bypasses the Palo and has its own internet gateway. I would reach out to the auditor and see how the testing is being done.

Good luck!

LIVEcommunity team member
Stay Secure,
Jay
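The log check the reply describes (filter on the public IP as source or destination, look at UDP/161, see which rule and action fired) as an added example, not code from the thread or from Palo Alto Networks. The CSV layout (time, src, dst, proto, dport, rule, action) and the addresses are constructed for illustration and are not the real PAN-OS traffic-log export format.

```python
"""Summarise traffic-log rows that touch a public IP on UDP/161.

Added example; the CSV fields and sample rows below are constructed and
simplified, not the PAN-OS export layout.
"""
import csv
import io
from collections import Counter

# Constructed sample export. 203.0.113.10 stands in for the auditor's public IP.
SAMPLE_LOG = """time,src,dst,proto,dport,rule,action
2023-01-01T10:00:01,10.1.1.5,203.0.113.10,udp,161,Deny-Deny,deny
2023-01-01T10:00:02,10.1.1.6,203.0.113.10,udp,161,Deny-Deny,deny
2023-01-01T10:00:03,203.0.113.10,10.1.1.7,udp,161,Deny-Deny,deny
2023-01-01T10:00:04,10.1.1.5,203.0.113.10,tcp,443,Allow-Web,allow
2023-01-01T10:00:05,10.1.1.8,198.51.100.20,udp,161,Allow-SNMP-Mgmt,allow
"""


def snmp_sessions(log_text, public_ip, port=161, proto="udp"):
    """Rows on proto/port where public_ip is either the source or the destination.

    Checking both directions mirrors the two filters suggested in the reply
    (any -> public IP, and public IP -> any).
    """
    rows = csv.DictReader(io.StringIO(log_text))
    return [
        r for r in rows
        if r["proto"] == proto and int(r["dport"]) == port
        and public_ip in (r["src"], r["dst"])
    ]


def verdict(log_text, public_ip):
    """Count (rule, action) pairs for matching rows.

    allowed == 0 with only deny rows means no SNMP path to that IP was
    permitted by policy in this log window.
    """
    matches = snmp_sessions(log_text, public_ip)
    per_rule = Counter((r["rule"], r["action"]) for r in matches)
    allowed = sum(1 for r in matches if r["action"] == "allow")
    return {"matches": len(matches), "allowed": allowed, "per_rule": dict(per_rule)}


if __name__ == "__main__":
    print(verdict(SAMPLE_LOG, "203.0.113.10"))
```

A non-empty allow count names the rule that permitted the traffic, which is the policy to review; an empty result for the public IP in both directions is the point at which the reply suggests asking the auditor how the test was run.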