If you are using Palo Alto Firewalls it could be at times difficult to see whether or not packets are being dropped. If they are being dropped by a policy, you can see that in the traffic logs, but if they are being dropped do to illegal tcp operation, which could manifest itself from asymmetric packets (you see the syn come in zone A leave Zone B and return zone C,) the session has timed out, but the application is using a longer timeout and tries to use a dead session, or many other reasons.… Read more
Tag Archives: Palo Alto
Palo Alto to HTML Script (2 of 30)
Posted by kencelenza
on October 16, 2014
No comments
I posted this on Palo Alto’s support site a while ago, but here it is in the open.
I wrote a perl script that I am using to display the ruleset from 4.1 through 6.x firewalls. It is as simple as I know how to make it, which probably isn’t that simple. I am not a developer, and if you look at my code it shows. I have seen several people ask for tag and zone based views, plus ability to export to excel, so this is an alternative method until PA supports that.… Read more