A Palo Alto firewall not only lets you monitor activity on your network, it is also a useful troubleshooting tool. This article shows you how to monitor and troubleshoot host traffic.
- To access Monitor, log in with the admin account and click Monitor.
- On the left, you have these Filter options:
3. Examples.
Example 1: To show all traffic from a host whose IP address is 10.0.200.15, use this filter: (addr.src in 10.0.200.15).
Pay attention to important details such as From zone, To zone, Destination IP, Port, Application, Action, and Rule on the next page.
Example 2: To show all traffic to a destination whose IP address is 52.242.211.89, use this filter: (addr.dst in 52.242.211.89).
Pay attention to important details such as From zone, To zone, Destination IP, Port, Application, Action, and Rule on the next page.
Example 3: To show all traffic coming from a host with an IP address of 10.0.200.35 and going to a destination host address of 52.242.211.89.
Example 4: To show all traffic coming from addresses ranging from 10.0.200.10 – 10.0.200.100, use this filter: (addr.src in 10.0.200.1/30).
Note: you cannot specify an actual range but can use CIDR notation to specify a network range of addresses.
Example 5: To show all traffic with a source or destination address of 10.0.200.15, use this filter: (addr in 10.0.200.15).
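The note on Example 4 says a range has to be written in CIDR notation. The Python sketch below is an added example, not part of the original article: it reports which addresses a CIDR term actually matches (10.0.200.1/30 matches only 10.0.200.0 to 10.0.200.3) and splits an arbitrary range such as 10.0.200.10 to 10.0.200.100 into the exact CIDR blocks that cover it, joined with the filter's or operator. The function names are made up for this illustration.

```python
import ipaddress

# Address fields that appear in this article's filters.
FIELDS = {"addr.src", "addr.dst", "addr"}


def cidr_span(cidr):
    """Return the (first, last) address that a CIDR term really matches.

    strict=False accepts a host address with a prefix, e.g. 10.0.200.1/30.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    return str(net[0]), str(net[-1])


def range_to_filter(first, last, field="addr.src"):
    """Build an or-joined filter that covers first..last exactly."""
    if field not in FIELDS:
        raise ValueError(f"unsupported field: {field}")
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    if lo > hi:
        raise ValueError("range start is above range end")
    terms = []
    for net in ipaddress.summarize_address_range(lo, hi):
        # Single hosts are written without a prefix, as in Example 1.
        target = str(net.network_address) if net.prefixlen == 32 else str(net)
        terms.append(f"({field} in {target})")
    return " or ".join(terms)


if __name__ == "__main__":
    # What the /30 from Example 4 covers.
    print(cidr_span("10.0.200.1/30"))
    # Filter text for the full range named in Example 4.
    print(range_to_filter("10.0.200.10", "10.0.200.100"))
```

Paste the printed expression into the Monitor filter bar; a range that is not aligned to a single block needs several terms.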
Case 1: The client can’t access some websites.
Situation: The client has a problem installing Office 365. It takes a long time, sometimes 24 hours, to install Office 365.
Troubleshooting: We feel the firewall is blocking access to the Office websites. The filter ( addr.src in 10.0.200.15 ) and ( subtype eq deny ) confirms it, as shown on the next page. Note: Most of those IP addresses are located outside of the USA, which we block.