Have a Palo Alto Networks PA-200 firewall with the basic setup complete, all outgoing traffic allowed and working fine.

This is showing up in the traffic logs going from the created internal and external zones.

I have been unable to log traffic that is coming in from the external zone - using the packet capture feature I can see pings hitting the interface, but cannot get any logs showing dropped packets.

How can I make this type of traffic visible?

There is next to no information online about configuring these devices and just getting this far has been quite hard work!


1 Answer

What you are missing is an explicit deny rule that logs the traffic, but be careful, sometimes you have intra-zone traffic out there that is expected behavior.

So... create a rule from external to internal zones to deny all traffic with logging.

  • That worked, thank you. Now seeing dropped ICMP. 1. Added an explicit drop all on the incoming zone with the log setting ticked and log forwarding to Panorama set. 2. Added NAT rule between the zones (with no translation). 3. New save and commit. – xddsg Nov 15 '12 at 19:07
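The explicit deny-and-log rule from the answer, and the log forwarding from the follow-up comment, expressed as PAN-OS CLI configuration (an added example, not from the original question or answer; the zone names `external` and `internal` are the ones the question describes, the rule name and the log-forwarding profile name `to-panorama` are placeholders, and the command syntax is written from memory of the PAN-OS 4.x/5.x CLI, so check it against your release's CLI reference):

```text
# Enter configuration mode on the PA-200.
configure

# Explicit interzone deny that logs at session end. Without this rule the
# implicit interzone deny drops the traffic silently, which is why the
# packet capture shows pings but the traffic log shows nothing.
set rulebase security rules deny-inbound-log from external to internal
set rulebase security rules deny-inbound-log source any
set rulebase security rules deny-inbound-log destination any
set rulebase security rules deny-inbound-log application any
set rulebase security rules deny-inbound-log service any
set rulebase security rules deny-inbound-log action deny
set rulebase security rules deny-inbound-log log-end yes

# Optional: forward the resulting log entries to Panorama via an existing
# log-forwarding profile (placeholder name, must already exist).
set rulebase security rules deny-inbound-log log-setting to-panorama

# Keep it below any rule that intentionally allows inbound traffic;
# "bottom" still places it above the implicit interzone deny.
move rulebase security rules deny-inbound-log bottom

commit

# Verify: the newest traffic log entries should now show action "deny"
# with the rule name above.
exit
show log traffic query equal "( action eq deny )" direction equal backward
```

Note that pings aimed at the firewall's own external interface address are classified external-to-external (intrazone), so this external-to-internal rule will not log them; matching that intrazone traffic needs its own rule, which is the expected-behaviour caveat the answer raises.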