How to monitor source traffics in Paloalto firewall

Situation: The client has a problem to access a SFTP server. They would like to check the traffic status from the source. Here is how.

  1. Login Paloalto firewall.
  2. Navigate to Monitor>Logs>Traffic.
  3. Enter (add.src in ip address), for example ( addr.src in 67.162.114.94 ).
  4. Click search icon (narrow points to right)

Note: you can also search destination ip or port, for example,

( addr.src in in 67.162.114.94 ) and (port.dst eq 22)

(addr.src in 67.162.114.94) and (addr.dst in 10.0.0.86)

Note: If you don’t remember or don’t do it right, you can click on the IP address under Monitor>Source or Destination.

Published by

Bob Lin

Bob Lin, Chicagotech-MVP, MCSE & CNE Data recovery, Windows OS Recovery, Networking, and Computer Troubleshooting on http://www.ChicagoTech.net How to Install and Configure Windows, VMware, Virtualization and Cisco on http://www.HowToNetworking.com